Avoid endless loop when parsing MSZIP signature in cab archives

author Martin Matuska <martin@matuska.org>

Wed, 25 Jan 2017 22:14:59 +0000 (23:14 +0100)

committer Martin Matuska <martin@matuska.org>

Wed, 25 Jan 2017 22:14:59 +0000 (23:14 +0100)
author Martin Matuska <martin@matuska.org>
Wed, 25 Jan 2017 22:14:59 +0000 (23:14 +0100)
committer Martin Matuska <martin@matuska.org>
Wed, 25 Jan 2017 22:14:59 +0000 (23:14 +0100)
diff --git a/libarchive/archive_read_support_format_cab.c b/libarchive/archive_read_support_format_cab.c

index 2bdc1e2850e930b7311c6f30a39554140e984142..e2f8c6b70aebffe90159c578a0de00fa7641b5de 100644 (file)
--- a/libarchive/archive_read_support_format_cab.c
+++ b/libarchive/archive_read_support_format_cab.c
@@ -1495,6 +1495,8 @@ cab_read_ahead_cfdata_deflate(struct archive_read *a, ssize_t *avail)
  
                 /* Cut out a tow-byte MSZIP signature(0x43, 0x4b). */
                 if (mszip > 0) {
+                       if (bytes_avail <= 0)
+                               goto nomszip;
                         if (bytes_avail <= mszip) {
                                 if (mszip == 2) {
                                         if (cab->stream.next_in[0] != 0x43)
author	Martin Matuska <martin@matuska.org>
	Wed, 25 Jan 2017 22:14:59 +0000 (23:14 +0100)
committer	Martin Matuska <martin@matuska.org>
	Wed, 25 Jan 2017 22:14:59 +0000 (23:14 +0100)