Prevent infinite loop from crafted/corrupt archive in unzip_match.

ckolivas · May 16, 2018 · 50cfb3b · 50cfb3b
1 parent b84c710
commit 50cfb3b
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/runzip.c b/runzip.c
@@ -219,6 +219,8 @@ static i64 unzip_match(rzip_control *control, void *ss, i64 len, uint32 *cksum,
 
 	while (len) {
 		n = MIN(len, offset);
+		if (unlikely(n < 1))
+			fatal_return(("Failed fd history in unzip_match due to corrupt archive\n"), -1);
 
 		if (unlikely(read_fdhist(control, off_buf, (size_t)n) != (ssize_t)n)) {
 			dealloc(buf);