Reread the CAB header skipping the self-extracting binary code.
authorJoerg Sonnenberger <joerg@bec.de>
Thu, 1 Dec 2016 18:56:43 +0000 (19:56 +0100)
committerJoerg Sonnenberger <joerg@bec.de>
Thu, 1 Dec 2016 19:00:30 +0000 (20:00 +0100)
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15 as found
by the "OSS-Fuzz" project.

libarchive/archive_read_support_format_cab.c

index fc70684afa04feed1dbaef4eda7def7fb1cbf8d4..099f4a83dcacdeeba72146e03120ea770b008aad 100644 (file)
@@ -645,12 +645,13 @@ cab_read_header(struct archive_read *a)
        cab = (struct cab *)(a->format->data);
        if (cab->found_header == 0 &&
            p[0] == 'M' && p[1] == 'Z') {
-               /* This is an executable?  Must be self-extracting...   */
+               /* This is an executable?  Must be self-extracting... */
                err = cab_skip_sfx(a);
                if (err < ARCHIVE_WARN)
                        return (err);
 
-               if ((p = __archive_read_ahead(a, sizeof(*p), NULL)) == NULL)
+               /* Re-read header after processing the SFX. */
+               if ((p = __archive_read_ahead(a, 42, NULL)) == NULL)
                        return (truncated_error(a));
        }
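Review bot: The replacement read-ahead on the `+` line requesting 42 bytes fixes the real defect (the old `sizeof(*p)` asked for a single byte, so the header field parsing that follows could read past the guaranteed window), but the literal is unexplained and, presumably, duplicates the minimum-length value used by the initial read-ahead earlier in cab_read_header. A reader who later changes one site will not know the other must match; hoisting the value into one named constant used at both reads would keep them from drifting, and at minimum the new comment should say what the number is: `/* Re-read header after processing the SFX; the field parsing below needs at least 42 bytes (keep in sync with the initial read-ahead). */`. Note also that `err < ARCHIVE_WARN` lets a warning from cab_skip_sfx continue into the re-read, which is fine only because the re-read itself is now bounds-checked. cab_read_header starts before and continues after this hunk.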