diff options
author | Martin Matuska <mm@FreeBSD.org> | 2016-06-20 23:55:33 +0000 |
---|---|---|
committer | Martin Matuska <mm@FreeBSD.org> | 2016-06-20 23:55:33 +0000 |
commit | a53ba8b9783027cd9c7692dbe0c25d8ac3740afe (patch) | |
tree | 340157ed75684b469b383c2ace25b23c82ec6cf6 /libarchive/archive_read_support_format_rar.c | |
parent | dc919cebaf7d24f04391c32623e98c32a98e154c (diff) | |
download | src-a53ba8b9783027cd9c7692dbe0c25d8ac3740afe.tar.gz src-a53ba8b9783027cd9c7692dbe0c25d8ac3740afe.zip |
Notes
Diffstat (limited to 'libarchive/archive_read_support_format_rar.c')
-rw-r--r-- | libarchive/archive_read_support_format_rar.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c index 6450aac82785..f729f173645d 100644 --- a/libarchive/archive_read_support_format_rar.c +++ b/libarchive/archive_read_support_format_rar.c @@ -2127,6 +2127,12 @@ parse_codes(struct archive_read *a) rar->range_dec.Stream = &rar->bytein; __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context); + if (rar->dictionary_size == 0) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Invalid zero dictionary size"); + return (ARCHIVE_FATAL); + } + if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context, rar->dictionary_size, &g_szalloc)) { @@ -2884,11 +2890,10 @@ copy_from_lzss_window(struct archive_read *a, const void **buffer, } windowoffs = lzss_offset_for_position(&rar->lzss, startpos); - if(windowoffs + length <= lzss_size(&rar->lzss)) + if(windowoffs + length <= lzss_size(&rar->lzss)) { memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs], length); - else - { + } else if (length <= lzss_size(&rar->lzss)) { firstpart = lzss_size(&rar->lzss) - windowoffs; if (firstpart < 0) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, @@ -2900,9 +2905,14 @@ copy_from_lzss_window(struct archive_read *a, const void **buffer, &rar->lzss.window[windowoffs], firstpart); memcpy(&rar->unp_buffer[rar->unp_offset + firstpart], &rar->lzss.window[0], length - firstpart); - } else + } else { memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs], length); + } + } else { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Bad RAR file data"); + return (ARCHIVE_FATAL); } rar->unp_offset += length; if (rar->unp_offset >= rar->unp_buffer_size) |