In the zipfile extension, defend against corrupt ZIP files that contain

author drh <>

Thu, 6 Apr 2023 00:59:41 +0000 (00:59 +0000)

committer drh <>

Thu, 6 Apr 2023 00:59:41 +0000 (00:59 +0000)
author drh <>
Thu, 6 Apr 2023 00:59:41 +0000 (00:59 +0000)
committer drh <>
Thu, 6 Apr 2023 00:59:41 +0000 (00:59 +0000)
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c

index 480fbe3990e7a85d06fdbf618117b8e48cf671c7..9b49fb4df67680b2238d01dc507090a7b991610d 100644 (file)
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1097,7 +1097,10 @@ static int zipfileColumn(
            ** it to be a directory either if the mode suggests so, or if
            ** the final character in the name is '/'.  */
            u32 mode = pCDS->iExternalAttr >> 16;
-          if( !(mode & S_IFDIR) && pCDS->zFile[pCDS->nFile-1]!='/' ){
+          if( !(mode & S_IFDIR)
+           && pCDS->nFile>=1
+           && pCDS->zFile[pCDS->nFile-1]!='/'
+          ){
              sqlite3_result_blob(ctx, "", 0, SQLITE_STATIC);
            }
          }
diff --git a/manifest b/manifest

index 40053fb961f8d4feb7a3e88814437a47b9ecb5e7..c94b14ec3c5bc93ae77578a5fea7c82ff77c54a9 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C In\sthe\snew\s.scanstatus\scommand\sin\sthe\sCLI,\smake\ssure\sthe\sdatabase\sis\sopened\nbefore\sinvoking\ssqlite3_db_config().\n[forum:/forumpost/6e26dcf544|Forum\spost\s6e26dcf544].
-D 2023-04-06T00:18:31.546
+C In\sthe\szipfile\sextension,\sdefend\sagainst\scorrupt\sZIP\sfiles\sthat\scontain\na\szero-length\sfilename.\n[forum:/forumpost/b15f5e3ad8|Forum\spost\sb15f5e3ad8].
+D 2023-04-06T00:59:41.126
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
  F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -316,7 +316,7 @@ F ext/misc/vfsstat.c 474d08efc697b8eba300082cb1eb74a5f0f3df31ed257db1cb07e72ab0e
  F ext/misc/vtablog.c 5538acd0c8ddaae372331bee11608d76973436b77d6a91e8635cfc9432fba5ae
  F ext/misc/vtshim.c 1976e6dd68dd0d64508c91a6dfab8e75f8aaf6cd
  F ext/misc/wholenumber.c a838d1bea913c514ff316c69695efbb49ea3b8cb37d22afc57f73b6b010b4546
-F ext/misc/zipfile.c f98239261488397618ce4754c500626d1de20cd2d44bf2f2d571d7ddaab668a7
+F ext/misc/zipfile.c b9d615e1d9af7577833861cfaa79b253aec0f26c89239c75af8c790d287d1d39
  F ext/misc/zorder.c b0ff58fa643afa1d846786d51ea8d5c4b6b35aa0254ab5a82617db92f3adda64
  F ext/rbu/rbu.c 801450b24eaf14440d8fd20385aacc751d5c9d6123398df41b1b5aa804bf4ce8
  F ext/rbu/rbu1.test 25870dd7db7eb5597e2b4d6e29e7a7e095abf332660f67d89959552ce8f8f255
@@ -2052,8 +2052,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 68a1a837493a0bc5e0e0f2373ac76cb575078cec08990c017fdcb51a4ba363a1
-R 5613993872d968e85760c42dbc57645a
+P 1cd993c45cd6b60e00d1426dd01d63efad13f7258636b5fa694f21499e77955a
+R 83db8d662a6f7a0bae20734c688d29bc
  U drh
-Z fba861d77ab7fe200695129e0e7e4491
+Z d955adab3dd7b2a13ea222fedf06115c
  # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid

index ae1de680a81041ee09b931edbf7b012006c2071a..adf997132517e407fb49e00f23e58b27628d8fad 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-1cd993c45cd6b60e00d1426dd01d63efad13f7258636b5fa694f21499e77955a
-\ No newline at end of file
+46db2e42a5f9b18da9661ccedca68cb70257ea5c58b33b401db2a5e030c1346a
+\ No newline at end of file
author	drh <>
	Thu, 6 Apr 2023 00:59:41 +0000 (00:59 +0000)
committer	drh <>
	Thu, 6 Apr 2023 00:59:41 +0000 (00:59 +0000)
ext/misc/zipfile.c		patch \| blob \| blame \| history
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history