From 0283a1796edb3fee469a84d9421e8ec149a2fcea Mon Sep 17 00:00:00 2001
From: LemonBoy
Date: Mon, 10 Jun 2024 11:56:48 +0200
Subject: [PATCH] Guard against malformed input files

Ensure the archive start offset can never be negative. Fixes a case found by OSSFuzz.
---
 miniz_zip.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/miniz_zip.c b/miniz_zip.c
index 399972f..a831909 100644
--- a/miniz_zip.c
+++ b/miniz_zip.c
@@ -790,6 +790,9 @@ static int mz_stat64(const char *path, struct __stat64 *buffer)
 if ((cdir_ofs + (mz_uint64)cdir_size) > pZip->m_archive_size)
 return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
+ if (eocd_ofs < cdir_ofs + cdir_size)
+ return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
 /* The end of central dir follows the central dir, unless the zip file has
 * some trailing data (e.g. it is appended to an executable file). */
 archive_ofs = eocd_ofs - (cdir_ofs + cdir_size);
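Review bot: The added guard `if (eocd_ofs < cdir_ofs + cdir_size)` computes the same sum it is meant to bound, so if `cdir_ofs` is a 64-bit value taken from the archive (its declaration is outside the hunk; this is inferred from the `(mz_uint64)` cast on the check just above), the addition can wrap and pass both this test and the `m_archive_size` test. A subtraction-based form cannot wrap: `if (cdir_ofs > eocd_ofs || cdir_size > eocd_ofs - cdir_ofs) return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);`. A short comment such as `/* The central dir must end at or before the EOCD record, otherwise archive_ofs below underflows. */` would record why the check exists, since the commit message speaks of a "negative" offset while the subtraction appears to be unsigned. The enclosing function starts and ends outside the hunk.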