Prevent infinite loop from crafted/corrupt archive in unzip_match.

2026-01-19 14:50:18 +01:00 · 2018-05-16 19:26:15 +10:00 · 2018-05-16 19:26:15 +10:00 · 50cfb3b9f6
parent b84c710902
commit 50cfb3b9f6
1 changed files with 2 additions and 0 deletions
--- a/runzip.c
+++ b/runzip.c
@ -219,6 +219,8 @@ static i64 unzip_match(rzip_control *control, void *ss, i64 len, uint32 *cksum,

 	while (len) {
 		n = MIN(len, offset);
+		if (unlikely(n < 1))
+			fatal_return(("Failed fd history in unzip_match due to corrupt archive\n"), -1);

 		if (unlikely(read_fdhist(control, off_buf, (size_t)n) != (ssize_t)n)) {
 			dealloc(buf);