852e18aefc
OBS-URL: https://build.opensuse.org/request/show/573379 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=24
38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
Index: zziplib-0.13.67/zzip/mmapped.c
|
|
===================================================================
|
|
--- zziplib-0.13.67.orig/zzip/mmapped.c
|
|
+++ zziplib-0.13.67/zzip/mmapped.c
|
|
@@ -457,6 +457,12 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
|
|
errno = EBADMSG;
|
|
return 0;
|
|
}
|
|
+ if (root >= disk->endbuf)
|
|
+ {
|
|
+ DBG1("root behind endbuf should be impossible");
|
|
+ errno = EBADMSG;
|
|
+ return 0;
|
|
+ }
|
|
if (zzip_disk_entry_check_magic(root))
|
|
{
|
|
DBG1("found the disk root");
|
|
Index: zziplib-0.13.67/zzip/memdisk.c
|
|
===================================================================
|
|
--- zziplib-0.13.67.orig/zzip/memdisk.c
|
|
+++ zziplib-0.13.67/zzip/memdisk.c
|
|
@@ -305,7 +305,14 @@ zzip_mem_entry_find_extra_block(ZZIP_MEM
|
|
char* ext_end = ext + entry->zz_extlen[i];
|
|
if (ext)
|
|
{
|
|
- while (ext + zzip_extra_block_headerlength <= ext_end)
|
|
+ /*
|
|
+ * Make sure that
|
|
+ * 1) the extra block header
|
|
+ * AND
|
|
+ * 2) the block we're looking for
|
|
+ * fit into the extra block!
|
|
+ */
|
|
+ while (ext + zzip_extra_block_headerlength + blocksize <= ext_end)
|
|
{
|
|
if (datatype == zzip_extra_block_get_datatype(ext))
|
|
{
|