Fix issue 375: failure to read some larger .7z archives

author Michihiro NAKAJIMA <ggcueroad@gmail.com>

Sun, 31 Aug 2014 11:40:32 +0000 (20:40 +0900)

committer Michihiro NAKAJIMA <ggcueroad@gmail.com>

Sun, 31 Aug 2014 11:40:32 +0000 (20:40 +0900)
author Michihiro NAKAJIMA <ggcueroad@gmail.com>
Sun, 31 Aug 2014 11:40:32 +0000 (20:40 +0900)
committer Michihiro NAKAJIMA <ggcueroad@gmail.com>
Sun, 31 Aug 2014 11:40:32 +0000 (20:40 +0900)
diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c

index 0cc73261d493c303d0322cbf56fc069ab83b98db..2183d8c8b19606c4b9379522026618e653c49456 100644 (file)
--- a/libarchive/archive_read_support_format_7zip.c
+++ b/libarchive/archive_read_support_format_7zip.c
@@ -331,6 +331,11 @@ struct _7zip {
         int                      has_encrypted_entries;
  };
  
+/* Maximum entry size. This limitation prevents reading intentional
+ * corrupted 7-zip files on assuming there are not so many entries in
+ * the files. */
+#define UMAX_ENTRY     ARCHIVE_LITERAL_ULL(100000000)
+
  static int     archive_read_format_7zip_has_encrypted_entries(struct archive_read *);
  static int     archive_read_support_format_7zip_capabilities(struct archive_read *a);
  static int     archive_read_format_7zip_bid(struct archive_read *, int);
@@ -1763,7 +1768,7 @@ read_PackInfo(struct archive_read *a, struct _7z_pack_info *pi)
                 return (-1);
         if (pi->numPackStreams == 0)
                 return (-1);
-       if (1000000 < pi->numPackStreams)
+       if (UMAX_ENTRY < pi->numPackStreams)
                 return (-1);
  
         /*
@@ -1892,12 +1897,12 @@ read_Folder(struct archive_read *a, struct _7z_folder *f)
                         if (parse_7zip_uint64(
                             a, &(f->coders[i].numInStreams)) < 0)
                                 return (-1);
-                       if (1000000 < f->coders[i].numInStreams)
+                       if (UMAX_ENTRY < f->coders[i].numInStreams)
                                 return (-1);
                         if (parse_7zip_uint64(
                             a, &(f->coders[i].numOutStreams)) < 0)
                                 return (-1);
-                       if (1000000 < f->coders[i].numOutStreams)
+                       if (UMAX_ENTRY < f->coders[i].numOutStreams)
                                 return (-1);
                 }
  
@@ -1937,11 +1942,11 @@ read_Folder(struct archive_read *a, struct _7z_folder *f)
         for (i = 0; i < f->numBindPairs; i++) {
                 if (parse_7zip_uint64(a, &(f->bindPairs[i].inIndex)) < 0)
                         return (-1);
-               if (1000000 < f->bindPairs[i].inIndex)
+               if (UMAX_ENTRY < f->bindPairs[i].inIndex)
                         return (-1);
                 if (parse_7zip_uint64(a, &(f->bindPairs[i].outIndex)) < 0)
                         return (-1);
-               if (1000000 < f->bindPairs[i].outIndex)
+               if (UMAX_ENTRY < f->bindPairs[i].outIndex)
                         return (-1);
         }
  
@@ -1967,7 +1972,7 @@ read_Folder(struct archive_read *a, struct _7z_folder *f)
                 for (i = 0; i < f->numPackedStreams; i++) {
                         if (parse_7zip_uint64(a, &(f->packedStreams[i])) < 0)
                                 return (-1);
-                       if (1000000 < f->packedStreams[i])
+                       if (UMAX_ENTRY < f->packedStreams[i])
                                 return (-1);
                 }
         }
@@ -2009,8 +2014,8 @@ read_CodersInfo(struct archive_read *a, struct _7z_coders_info *ci)
          */
         if (parse_7zip_uint64(a, &(ci->numFolders)) < 0)
                 goto failed;
-       if (1000000 < ci->numFolders)
-                       return (-1);
+       if (UMAX_ENTRY < ci->numFolders)
+               return (-1);
  
         /*
          * Read External.
@@ -2031,7 +2036,7 @@ read_CodersInfo(struct archive_read *a, struct _7z_coders_info *ci)
         case 1:
                 if (parse_7zip_uint64(a, &(ci->dataStreamIndex)) < 0)
                         return (-1);
-               if (1000000 < ci->dataStreamIndex)
+               if (UMAX_ENTRY < ci->dataStreamIndex)
                         return (-1);
                 break;
         }
@@ -2136,7 +2141,7 @@ read_SubStreamsInfo(struct archive_read *a, struct _7z_substream_info *ss,
                 for (i = 0; i < numFolders; i++) {
                         if (parse_7zip_uint64(a, &(f[i].numUnpackStreams)) < 0)
                                 return (-1);
-                       if (1000000 < f[i].numUnpackStreams)
+                       if (UMAX_ENTRY < f[i].numUnpackStreams)
                                 return (-1);
                         unpack_streams += (size_t)f[i].numUnpackStreams;
                 }
@@ -2385,8 +2390,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
  
         if (parse_7zip_uint64(a, &(zip->numFiles)) < 0)
                 return (-1);
-       if (1000000 < zip->numFiles)
-                       return (-1);
+       if (UMAX_ENTRY < zip->numFiles)
+               return (-1);
  
         zip->entries = calloc((size_t)zip->numFiles, sizeof(*zip->entries));
         if (zip->entries == NULL)
@@ -2684,7 +2689,7 @@ read_Times(struct archive_read *a, struct _7z_header_info *h, int type)
         if (*p) {
                 if (parse_7zip_uint64(a, &(h->dataIndex)) < 0)
                         goto failed;
-               if (1000000 < h->dataIndex)
+               if (UMAX_ENTRY < h->dataIndex)
                         goto failed;
         }
author	Michihiro NAKAJIMA <ggcueroad@gmail.com>
	Sun, 31 Aug 2014 11:40:32 +0000 (20:40 +0900)
committer	Michihiro NAKAJIMA <ggcueroad@gmail.com>
	Sun, 31 Aug 2014 11:40:32 +0000 (20:40 +0900)