+AT_SETUP([zcompressed data - bad zheader_ofs])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*zheader_ofs.*/>>i64 0<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [error: `sys-file.sav' near offset 0x194: Wrong ZLIB data header offset 0 (expected 0x194).
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - bad ztrailer_ofs])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*ztrailer_ofs.*/>>i64 0<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [error: `sys-file.sav' near offset 0x194: Impossible ZLIB trailer offset 0x0.
+])
+done
+AT_CLEANUP
+
+# ztrailer_len must be a multiple of 24 and at least 48,
+# so a value of 12 is impossible.
+AT_SETUP([zcompressed data - invalid ztrailer_len])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*ztrailer_len.*/>>i64 12<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [error: `sys-file.sav' near offset 0x194: Invalid ZLIB trailer length 12.
+])
+done
+AT_CLEANUP
+
+# ztrailer_ofs + ztrailer_len must be the file size.
+AT_SETUP([zcompressed data - wrong ztrailer_len])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*ztrailer_len.*/>>i64 72<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [warning: `sys-file.sav' near offset 0x1ac: End of ZLIB trailer (0x24d) is not file size (0x235).
+error: `sys-file.sav' near offset 0x21d: 72-byte ZLIB trailer specifies 1 data blocks (expected 2).
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - wrong ztrailer_bias])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*ztrailer_bias.*/>>i64 0<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [error: `sys-file.sav' near offset 0x20d: ZLIB trailer bias (0) differs from file header bias (100.00).
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - wrong ztrailer_zero])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*ztrailer_zero.*/>>i64 100<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [0], [warning: `sys-file.sav' near offset 0x215: ZLIB trailer "zero" field has nonzero value 100.
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - wrong block_size])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*block_size.*/>>0x1000<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [0], [warning: `sys-file.sav' near offset 0x219: ZLIB trailer specifies unexpected 4096-byte block size.
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - wrong n_blocks])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*n_blocks.*/>>2<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [error: `sys-file.sav' near offset 0x21d: 48-byte ZLIB trailer specifies 2 data blocks (expected 1).
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - wrong uncompressed_ofs])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*uncompressed_ofs.*/i64 >>0x177<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [error: `sys-file.sav' near offset 0x21d: ZLIB block descriptor 0 reported uncompressed data offset 0x177, when 0x194 was expected.
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - wrong compressed_ofs])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*@%:@ compressed_ofs.*/i64 >>0x191<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [error: `sys-file.sav' near offset 0x21d: ZLIB block descriptor 0 reported compressed data offset 0x191, when 0x1ac was expected.
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - compressed sizes don't add up])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+AT_DATA([sys-file.sack], [dnl
+dnl File header.
+"$FL3"; s60 "$(#) SPSS DATA FILE PSPP synthetic test file";
+2; dnl Layout code
+6; dnl Nominal case size
+2; dnl zlib compressed
+0; dnl Not weighted
+-1; dnl Unspecified number of cases.
+100.0; dnl Bias.
+"01 Jan 11"; "20:53:52"; s64 "PSPP synthetic test file";
+i8 0 *3;
+
+dnl Numeric variables.
+2; 0; 0; 0; 0x050800 *2; s8 "NUM1";
+2; 0; 0; 0; 0x050800 *2; s8 "NUM2";
+
+dnl String variable.
+2; 4; 0; 0; 0x010400 *2; s8 "STR4";
+2; 8; 0; 0; 0x010800 *2; s8 "STR8";
+2; 15; 0; 0; 0x010f00 *2; s8 "STR15";
+2; -1; 0; 0; 0; 0; s8 "";
+
+dnl Character encoding record.
+7; 20; 1; 12; "windows-1252";
+
+dnl Dictionary termination record.
+999; 0;
+
+dnl ZLIB data header.
+i64 0x194; # zheader_ofs
+i64 0x1ac; # ztrailer_ofs
+i64 72; # ztrailer_len
+
+dnl This is where the ZLIB data blocks would go, but we don't need any to
+dnl provoke this message so we omit them.
+
+dnl ZLIB data trailer fixed header:
+i64 -100; # ztrailer_bias
+i64 0; # ztrailer_zero
+0x3ff000; # block_size
+2; # n_blocks
+
+dnl ZLIB block descriptor 1:
+i64 0x194; # uncompressed_ofs
+i64 0x1ac; # compressed_ofs
+0x100000; # uncompressed_size
+0x12345; # compressed_size
+
+dnl ZLIB block descriptor 2:
+i64 0x100194; # uncompressed_ofs
+i64 0x12421; # compressed_ofs
+0x100000; # uncompressed_size
+0x12345; # compressed_size
+])
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [warning: `sys-file.sav' near offset 0x1c4: ZLIB block descriptor 0 reported block size 0x100000, when 0x3ff000 was expected.
+error: `sys-file.sav' near offset 0x1dc: ZLIB block descriptor 1 reported compressed data offset 0x12421, when 0x124f1 was expected.
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - uncompressed_size > block_size])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*uncompressed_size.*/>>0x400000<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [0], [warning: `sys-file.sav' near offset 0x21d: ZLIB block descriptor 0 reported block size 0x400000, when at most 0x3ff000 was expected.
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - compression expands data too much])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*uncompressed_size.*/>>50<<;/
+s/.*@%:@ compressed_size.*/>>100<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [error: `sys-file.sav' near offset 0x21d: ZLIB block descriptor 0 reports compressed size 100 and uncompressed size 50.
+])
+done
+AT_CLEANUP
+
+AT_SETUP([zcompressed data - compressed sizes don't add up])
+AT_KEYWORDS([sack synthetic system file negative zlib])
+zcompressed_sack | sed 's/.*@%:@ compressed_size.*/>>88<<;/' > sys-file.sack
+for variant in be le; do
+ AT_CHECK([sack --$variant sys-file.sack > sys-file.sav])
+ AT_DATA([sys-file.sps], [GET FILE='sys-file.sav'.
+])
+ AT_CHECK([pspp -o pspp.csv sys-file.sps], [1], [error: `sys-file.sav' near offset 0x235: ZLIB trailer is at offset 0x205 but 0x204 would be expected from block descriptors.
+])
+done
+AT_CLEANUP
+
+# CVE-2017-10791.
+# See also https://bugzilla.redhat.com/show_bug.cgi?id=1467004.
+# See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
+# See also https://security-tracker.debian.org/tracker/CVE-2017-10791.
+# Found by team OWL337, using the collAFL fuzzer.
+AT_SETUP([integer overflows in long string missing values])
+AT_KEYWORDS([system file negative])
+cp $top_srcdir/tests/data/CVE-2017-10791.sav .
+AT_CHECK([pspp-convert -O csv -e ASCII CVE-2017-10791.sav -], [0], [], [dnl
+`CVE-2017-10791.sav' near offset 0x217: Extension record subtype 21 ends unexpectedly.
+])
+AT_CLEANUP
+
+# CVE-2017-10792.
+# See also https://bugzilla.redhat.com/show_bug.cgi?id=1467005.
+# See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
+# See also https://security-tracker.debian.org/tracker/CVE-2017-10792.
+# Reported by team OWL337, with fuzzer collAFL.
+AT_SETUP([null dereference skipping bad extension record 18])
+AT_KEYWORDS([system file negative])
+cp $top_srcdir/tests/data/CVE-2017-10792.sav .
+AT_CHECK([pspp-convert -O csv -e ASCII CVE-2017-10792.sav -], [0], [], [dnl
+`CVE-2017-10792.sav' near offset 0x1c0: Record type 7, subtype 18 has bad size 4 (expected 1).
+])
+AT_CLEANUP