7z: fix out-of-bounds read in 7z self extracting archive detection 2604/head
authorMartin Matuska <martin@matuska.de>
Wed, 14 May 2025 10:37:26 +0000 (12:37 +0200)
committerMartin Matuska <martin@matuska.de>
Wed, 14 May 2025 14:18:19 +0000 (16:18 +0200)
Fixes OSS-Fuzz issue 416832167

libarchive/archive_read_support_format_7zip.c

index ca551784ffa315e7e5fe840135c51e98e52b9fc3..c72322f56feb9f406cba7a0b82afb102ad2f9ab9 100644 (file)
@@ -778,11 +778,16 @@ find_elf_data_sec(struct archive_read *a)
                        e_shentsize = (*dec16)(h + 0x3A);
                        e_shnum = (*dec16)(h + 0x3C);
                        e_shstrndx = (*dec16)(h + 0x3E);
+                       if (e_shnum < e_shstrndx || e_shentsize < 0x28)
+                               break;
+
                } else {
                        e_shoff = (*dec32)(h + 0x20);
                        e_shentsize = (*dec16)(h + 0x2E);
                        e_shnum = (*dec16)(h + 0x30);
                        e_shstrndx = (*dec16)(h + 0x32);
+                       if (e_shnum < e_shstrndx || e_shentsize < 0x18)
+                               break;
                }
 
                /*
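Review bot: Both added guards are off by one at the boundary: `e_shnum < e_shstrndx` still accepts `e_shstrndx == e_shnum`, although valid section indices end at `e_shnum - 1`. I would write `if (e_shstrndx >= e_shnum || e_shentsize < 0x28)` in the 64-bit branch and the same condition with `0x18` in the 32-bit branch. find_elf_data_sec starts before and continues past this hunk, so whether the equal case still reads one entry beyond the section table cannot be confirmed from the visible lines; the stricter bound is safe either way. A short comment beside `0x28`/`0x18` stating which section-header fields must fit in an entry (presumably up to the end of `sh_size`) would make the constants reviewable.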