BugReportTool: replace cziplib with tar.exe (#41127)

Browse Source

BugReportTool is the last consumer in the PowerToys repo of cziplib, a
library we use to produce ZIP files.

This pull request replaces cziplib with a simple CreateProcess call that
spawns `tar.exe`, which comes with Windows as of RS4 and can produce ZIP
files!

I've tested this by producing a bug report archive and attempting to
open it with File Explorer. It works fine.

We have taken every precaution to ensure that we do not allow any
attacker-controlled input to tar's command line. We are *not* using
`system()`, and we are not opening up a vector through which a nefarious
caller can perform shell injection.

We do not pass filenames to tar except that of the final archive. We do
not pass directory names to tar; we rely on the current directory
instead.

...

This commit is contained in:

Dustin L. Howett

2025-11-13 17:59:21 -06:00

committed by GitHub

parent 483e773299

commit 193d9aacbe

6 changed files with 40 additions and 48 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

1

deps/cziplib vendored

Submodule deps/cziplib deleted from 81314fff0a