diff options
author | Tor Andersson <tor.andersson@artifex.com> | 2017-09-19 16:33:38 +0200 |
---|---|---|
committer | Tor Andersson <tor.andersson@artifex.com> | 2017-09-19 17:19:41 +0200 |
commit | 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 (patch) | |
tree | 13c7d774b24aee3f66d1fc7f19136c0f3ced066a /source | |
parent | ab1a420613dec93c686acbee2c165274e922f82a (diff) | |
download | mupdf-0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1.tar.xz |
Fix 698540: Check name, comment and meta size field signs.
Diffstat (limited to 'source')
-rw-r--r-- | source/fitz/unzip.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c index f2d4f322..0bcce0fd 100644 --- a/source/fitz/unzip.c +++ b/source/fitz/unzip.c @@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off (void) fz_read_int32_le(ctx, file); /* ext file atts */ offset = fz_read_int32_le(ctx, file); + if (namesize < 0 || metasize < 0 || commentsize < 0) + fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry"); + name = fz_malloc(ctx, namesize + 1); n = fz_read(ctx, file, (unsigned char*)name, namesize); if (n < (size_t)namesize) |