From 50cfb3b9f68c7458822795e8b87a07dc06b39816 Mon Sep 17 00:00:00 2001
From: Con Kolivas
Date: Wed, 16 May 2018 19:26:15 +1000
Subject: [PATCH] Prevent infinite loop from crafted/corrupt archive in unzip_match.

---
 runzip.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/runzip.c b/runzip.c
index 667ae05..44e886d 100644
--- a/runzip.c
+++ b/runzip.c
@@ -219,6 +219,8 @@ static i64 unzip_match(rzip_control *control, void *ss, i64 len, uint32 *cksum,
 	while (len) {
 		n = MIN(len, offset);
+		if (unlikely(n < 1))
+			fatal_return(("Failed fd history in unzip_match due to corrupt archive\n"), -1);
 		if (unlikely(read_fdhist(control, off_buf, (size_t)n) != (ssize_t)n)) {
 			dealloc(buf);