move check magic after the check for header room.

diff --git a/ChangeLog b/ChangeLog
index 4e2a736e8195e4e9fdc14c14cfa3df4b93f54410..0d401d00777689b38f10b4f46bd9f048ae7af15b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2010-04-05  guidod  <guidod@gmx.de>
+
+       * zzip/zip.c (__zzip_parse_root_directory): move the check for
+            zzip_disk_entry_check_magic to be after the the check that
+            the seek-value is more than a header's size before the end.
+            (based on a segfault report by Tulipánt Gergely when the
+             new modulo_entries code is enabled (which is off by default))
+
 2010-03-30  guidod  <guidod@gmx.de>
 
        * zzip/Makefile.am:  fixing symlinks for lib* - use only for Linux

diff --git a/zzip/zip.c b/zzip/zip.c
index eacd689cab29fc8af3ee47767c275a37d73ac197..47a211a52cc17cd967fca05fec0306d914a69f83 100644 (file)
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -464,6 +464,14 @@ __zzip_parse_root_directory(int fd,
             d = &dirent;
         }
 
+        if ((zzip_off64_t) (zz_offset + sizeof(*d)) > zz_rootsize ||
+            (zzip_off64_t) (zz_offset + sizeof(*d)) < 0)
+        {
+            FAIL4("%li's entry stretches beyond root directory (O:%li R:%li)",
+                  (long) entries, (long) (zz_offset), (long) zz_rootsize);
+            break;
+        }
+
         if (! zzip_disk_entry_check_magic(d)) {
 #        ifndef ZZIP_ALLOW_MODULO_ENTRIES
             FAIL4("%li's entry has no disk_entry magic indicator (O:%li R:%li)",
@@ -472,13 +480,6 @@ __zzip_parse_root_directory(int fd,
             break;
         }
 
-        if ((zzip_off64_t) (zz_offset + sizeof(*d)) > zz_rootsize ||
-            (zzip_off64_t) (zz_offset + sizeof(*d)) < 0)
-        {
-            FAIL4("%li's entry stretches beyond root directory (O:%li R:%li)",
-                  (long) entries, (long) (zz_offset), (long) zz_rootsize);
-            break;
-        }
 #       if 0 && defined DEBUG
         zzip_debug_xbuf((unsigned char *) d, sizeof(*d) + 8);
 #       endif