zzip_mem_entry_new(): if compressed size is too big, bail out.

author Josef Möllers <josef.moellers@suse.com>

Mon, 26 Mar 2018 10:27:34 +0000 (12:27 +0200)

committer Josef Möllers <josef.moellers@suse.com>

Mon, 26 Mar 2018 10:27:34 +0000 (12:27 +0200)
author Josef Möllers <josef.moellers@suse.com>
Mon, 26 Mar 2018 10:27:34 +0000 (12:27 +0200)
committer Josef Möllers <josef.moellers@suse.com>
Mon, 26 Mar 2018 10:27:34 +0000 (12:27 +0200)
diff --git a/zzip/memdisk.c b/zzip/memdisk.c

index 8d5743d797286f25811e13724a7a7850e2cfb8ee..7c59602e324585e2665b00cd347d5acbeb69377a 100644 (file)
--- a/zzip/memdisk.c
+++ b/zzip/memdisk.c
@@ -222,6 +222,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry)
      item->zz_filetype = zzip_disk_entry_get_filetype(entry);
  
      /*
+     * If zz_data+zz_csize exceeds the size of the file, bail out
+     */
+    if ((item->zz_data + item->zz_csize) < disk->buffer ||
+       (item->zz_data + item->zz_csize) >= disk->endbuf)
+    {
+       goto error;
+    }
+   /*
       * If the file is uncompressed, zz_csize and zz_usize should be the same
       * If they are not, we cannot guarantee that either is correct, so ...
       */
author	Josef Möllers <josef.moellers@suse.com>
	Mon, 26 Mar 2018 10:27:34 +0000 (12:27 +0200)
committer	Josef Möllers <josef.moellers@suse.com>
	Mon, 26 Mar 2018 10:27:34 +0000 (12:27 +0200)