zip: Fix GET_* macros on large lengths
jcs made amendment 326 about 1 year ago
--- zip.c Fri Feb 24 09:52:32 2023
+++ zip.c Tue Feb 28 17:30:24 2023
@@ -116,6 +116,10 @@ zip_read_file(Str255 path, zip_extract_decider *decide
logger_printf("[zip] ZIP64 not supported");
goto read_fail;
}
+ if ((signed long)comp_len < 0) {
+ logger_printf("[zip] bogus compressed length (%lu)", comp_len);
+ goto read_fail;
+ }
if (comp_len == 0) {
logger_printf("[zip] data descriptor not supported");
goto read_fail;
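Review bot: The added `(signed long)comp_len < 0` test only rejects lengths with the top bit set, so any smaller value claimed by the header still flows on to `malloc(comp_len)` in the later hunk; the `uncomp_len` check in the next hunk has the same limit. Both values come from the archive, so comparing them with the bytes actually remaining in the file would catch truncated or forged entries before the allocation, if the file size is known at this point (not visible here). The cast also depends on `long` being the same width as the length variable, whose declaration is outside the hunk; `if (comp_len > 0x7fffffffUL) {` states the intended bound without that assumption. zip_read_file starts and ends outside the hunk.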
@@ -129,6 +133,11 @@ zip_read_file(Str255 path, zip_extract_decider *decide
logger_printf("[zip] ZIP64 not supported");
goto read_fail;
}
+ if ((signed long)uncomp_len < 0) {
+ logger_printf("[zip] bogus uncompressed length (%lu)",
+ uncomp_len);
+ goto read_fail;
+ }
if (uncomp_len == 0) {
logger_printf("[zip] data descriptor not supported");
goto read_fail;
@@ -166,7 +175,8 @@ zip_read_file(Str255 path, zip_extract_decider *decide
/* don't use xmalloc, these are not fatal */
comp = malloc(comp_len);
if (comp == NULL) {
- logger_printf("[zip] failed to malloc(%ld)", comp_len);
+ logger_printf("[zip] failed to malloc(%ld) for "
+ "compressed data", comp_len);
goto read_fail;
}
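Review bot: The reworded message still prints `comp_len` with `%ld`, while the bounds check added earlier in this commit prints the same variable with `%lu`, so one of the two conversions does not match the variable's type (its declaration is outside the hunk). If the lengths are unsigned long, as the `%lu` in the new checks suggests, this line should read `logger_printf("[zip] failed to malloc(%lu) for "`, and the `uncomp_len` message in the next hunk needs the same change. This assumes logger_printf follows printf conversion rules.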
@@ -178,7 +188,8 @@ zip_read_file(Str255 path, zip_extract_decider *decide
uncomp = malloc(uncomp_len);
if (uncomp == NULL) {
- logger_printf("[zip] failed to malloc(%ld)", uncomp_len);
+ logger_printf("[zip] failed to malloc(%ld) for "
+ "uncompressed data", uncomp_len);
free(comp);
goto read_fail;
}
--- zip.h Fri Feb 24 09:52:52 2023
+++ zip.h Tue Feb 28 17:38:12 2023
@@ -21,13 +21,13 @@
#include "util.h"
#define GET_U16(buf) (u_int16_t)(\
- (((unsigned char *)buf)[1] << 8) | \
- (((unsigned char *)buf)[0]))
+ ((u_int16_t)((unsigned char *)buf)[1] << 8) | \
+ ((u_int16_t)((unsigned char *)buf)[0]))
#define GET_U32(buf) (u_int32_t)(\
- (((unsigned char *)buf)[3] << 24) | \
- (((unsigned char *)buf)[2] << 16) | \
- (((unsigned char *)buf)[1] << 8) | \
- (((unsigned char *)buf)[0]))
+ ((u_int32_t)((unsigned char *)buf)[3] << 24) | \
+ ((u_int32_t)((unsigned char *)buf)[2] << 16) | \
+ ((u_int32_t)((unsigned char *)buf)[1] << 8) | \
+ ((u_int32_t)((unsigned char *)buf)[0]))
typedef bool zip_extract_decider(char *filename, size_t extracted_size);
typedef void zip_extract_processor(char *filename,
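Review bot: `buf` is still used unparenthesized in GET_U16 and GET_U32 and is expanded two or four times, which the new casts do not change. An argument such as `p + 4` binds to the `(unsigned char *)` cast before the addition, and an argument with side effects would be evaluated repeatedly; writing `((unsigned char *)(buf))[3]` in each term fixes the first. For the second, a comment above the macros such as `/* little-endian reads; buf is evaluated more than once and must hold at least 2/4 bytes */` would document it. These macros presumably decode fields taken from the archive, so the length check is left to the callers, which are not visible in this hunk.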