From 4393a756cea723e6d4b2fa70310f64a2e1303f94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20M=C3=B6llers?=
Date: Mon, 26 Mar 2018 12:27:34 +0200
Subject: [PATCH 01/19] zzip_mem_entry_new(): if compressed size is too big, bail out.

---
 zzip/memdisk.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/zzip/memdisk.c b/zzip/memdisk.c
index 8d5743d..7c59602 100644
--- a/zzip/memdisk.c
+++ b/zzip/memdisk.c
@@ -222,6 +222,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry)
 item->zz_filetype = zzip_disk_entry_get_filetype(entry);
 /*
+ * If zz_data+zz_csize exceeds the size of the file, bail out
+ */
+ if ((item->zz_data + item->zz_csize) < disk->buffer ||
+ (item->zz_data + item->zz_csize) >= disk->endbuf)
+ {
+ goto error;
+ }
+ /*
 * If the file is uncompressed, zz_csize and zz_usize should be the same
 * If they are not, we cannot guarantee that either is correct, so ...
 */
-- 
2.22.0
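Review bot: The added bounds check computes `item->zz_data + item->zz_csize` before validating it, so an oversized `zz_csize` (presumably read from the archive header) forms an out-of-range pointer. That is undefined behaviour in C, and a compiler may drop the `< disk->buffer` wrap-around test on that basis. Comparing lengths avoids the pointer arithmetic: `if (item->zz_data < disk->buffer || item->zz_data > disk->endbuf || item->zz_csize > (size_t)(disk->endbuf - item->zz_data)) goto error;`. Note that this form also accepts data ending exactly at `endbuf`, which the current `>=` rejects; confirm which boundary is intended. The `error` label and the rest of `zzip_mem_entry_new()` are outside the hunk, so it is worth confirming that path releases `item`.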