38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
|
Index: zziplib-0.13.67/zzip/mmapped.c
|
||
|
|
===================================================================
|
||
|
|
--- zziplib-0.13.67.orig/zzip/mmapped.c
|
||
|
|
+++ zziplib-0.13.67/zzip/mmapped.c
|
||
|
|
@@ -457,6 +457,12 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
|
||
|
|
errno = EBADMSG;
|
||
|
|
return 0;
|
||
|
|
}
|
||
|
|
+ if (root >= disk->endbuf)
|
||
|
|
+ {
|
||
|
|
+ DBG1("root behind endbuf should be impossible");
|
||
|
|
+ errno = EBADMSG;
|
||
|
|
+ return 0;
|
||
|
|
+ }
|
||
|
|
if (zzip_disk_entry_check_magic(root))
|
||
|
|
{
|
||
|
|
DBG1("found the disk root");
|
||
|
|
Index: zziplib-0.13.67/zzip/memdisk.c
|
||
|
|
===================================================================
|
||
|
|
--- zziplib-0.13.67.orig/zzip/memdisk.c
|
||
|
|
+++ zziplib-0.13.67/zzip/memdisk.c
|
||
|
|
@@ -305,7 +305,14 @@ zzip_mem_entry_find_extra_block(ZZIP_MEM
|
||
|
|
char* ext_end = ext + entry->zz_extlen[i];
|
||
|
|
if (ext)
|
||
|
|
{
|
||
|
|
- while (ext + zzip_extra_block_headerlength <= ext_end)
|
||
|
|
+ /*
|
||
|
|
+ * Make sure that
|
||
|
|
+ * 1) the extra block header
|
||
|
|
+ * AND
|
||
|
|
+ * 2) the block we're looking for
|
||
|
|
+ * fit into the extra block!
|
||
|
|
+ */
|
||
|
|
+ while (ext + zzip_extra_block_headerlength + blocksize <= ext_end)
|
||
|
|
{
|
||
|
|
if (datatype == zzip_extra_block_get_datatype(ext))
|
||
|
|
{
|