Issue 76: Correct segfault when Zip bidder sees a file that is less than 128k

and starts with "MZ".  The "MZ" signature identifies executable files that
could be self-extracting Zip files; the Zip bidder incorrectly handled
end-of-file when searching ahead for the Zip contents.

Submitted by:	dardoguidobono

SVN-Revision: 2028

diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
index 8f04b54288000083edb153000a69e615366c5068..49288ac075fd816b181c2cda6ccb8d2d8ed8fc19 100644 (file)
--- a/libarchive/archive_read_support_format_zip.c
+++ b/libarchive/archive_read_support_format_zip.c
@@ -225,7 +225,7 @@ archive_read_format_zip_bid(struct archive_read *a)
                        /* Get 4k of data beyond where we stopped. */
                        buff = __archive_read_ahead(a, offset + 4096,
                            &bytes_avail);
-                       if (bytes_avail < offset + 1)
+                       if (buff == NULL)
                                break;
                        p = (const char *)buff + offset;
                        while (p + 9 < (const char *)buff + bytes_avail) {