luo980/miniz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Guard against malformed input files

Browse Source 
Ensure the archive start offset can never be negative.
Fixes a case found by OSSFuzz.
This commit is contained in:
LemonBoy 2024-06-10 11:56:48 +02:00
parent 3c46a05141
commit 0283a1796e
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
miniz_zip.c
View File

@ -790,6 +790,9 @@ static int mz_stat64(const char *path, struct __stat64 *buffer)
if ((cdir_ofs + (mz_uint64)cdir_size) > pZip->m_archive_size) if ((cdir_ofs + (mz_uint64)cdir_size) > pZip->m_archive_size)
return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED); return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
if (eocd_ofs < cdir_ofs + cdir_size)
return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
/* The end of central dir follows the central dir, unless the zip file has /* The end of central dir follows the central dir, unless the zip file has
* some trailing data (e.g. it is appended to an executable file). */ * some trailing data (e.g. it is appended to an executable file). */
archive_ofs = eocd_ofs - (cdir_ofs + cdir_size); archive_ofs = eocd_ofs - (cdir_ofs + cdir_size);