forked from ports/contrib
33 lines
999 B
Diff
33 lines
999 B
Diff
From 4393a756cea723e6d4b2fa70310f64a2e1303f94 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Josef=20M=C3=B6llers?= <josef.moellers@suse.com>
|
|
Date: Mon, 26 Mar 2018 12:27:34 +0200
|
|
Subject: [PATCH 01/19] zzip_mem_entry_new(): if compressed size is too big,
|
|
bail out.
|
|
|
|
---
|
|
zzip/memdisk.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/zzip/memdisk.c b/zzip/memdisk.c
|
|
index 8d5743d..7c59602 100644
|
|
--- a/zzip/memdisk.c
|
|
+++ b/zzip/memdisk.c
|
|
@@ -222,6 +222,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry)
|
|
item->zz_filetype = zzip_disk_entry_get_filetype(entry);
|
|
|
|
/*
|
|
+ * If zz_data+zz_csize exceeds the size of the file, bail out
|
|
+ */
|
|
+ if ((item->zz_data + item->zz_csize) < disk->buffer ||
|
|
+ (item->zz_data + item->zz_csize) >= disk->endbuf)
|
|
+ {
|
|
+ goto error;
|
|
+ }
|
|
+ /*
|
|
* If the file is uncompressed, zz_csize and zz_usize should be the same
|
|
* If they are not, we cannot guarantee that either is correct, so ...
|
|
*/
|
|
--
|
|
2.22.0
|
|
|