From 50cfb3b9f68c7458822795e8b87a07dc06b39816 Mon Sep 17 00:00:00 2001
|
|
From: Con Kolivas <kernel@kolivas.org>
|
|
Date: Wed, 16 May 2018 19:26:15 +1000
|
|
Subject: [PATCH] Prevent infinite loop from crafted/corrupt archive in
|
|
unzip_match.
|
|
|
|
---
|
|
runzip.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/runzip.c b/runzip.c
|
|
index 667ae05..44e886d 100644
|
|
--- a/runzip.c
|
|
+++ b/runzip.c
|
|
@@ -219,6 +219,8 @@ static i64 unzip_match(rzip_control *control, void *ss, i64 len, uint32 *cksum,
|
|
|
|
while (len) {
|
|
n = MIN(len, offset);
|
|
+ if (unlikely(n < 1))
|
|
+ fatal_return(("Failed fd history in unzip_match due to corrupt archive\n"), -1);
|
|
|
|
if (unlikely(read_fdhist(control, off_buf, (size_t)n) != (ssize_t)n)) {
|
|
dealloc(buf);
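Review bot: The added `n < 1` branch returns without releasing `buf`, whereas the read_fdhist failure branch directly below it calls `dealloc(buf)` before bailing out. If `fatal_return` hands -1 back to the caller rather than exiting, as its second argument suggests, a corrupt archive that trips this check leaks the match buffer on each call, which matters for a long-running or library consumer fed untrusted input. Brace the new branch and put `dealloc(buf);` ahead of the `fatal_return(...)` line so both error exits behave the same. Because `len` is non-zero inside the loop, `n < 1` presumably means `offset` is zero or negative, so the same test could instead be made once where `offset` is obtained, before any allocation; that code, like the start and end of unzip_match, lies outside this hunk.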
|
|
|