zip: fix possible endless loop if reading a truncated zstd archive

The fix is analogous to the behavior in case of bzip2 compression.

diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
index 975681f8129e7a00527c3f011d2b68f81587cc39..38ada70b5577284f5da6b28e6f722adea713b533 100644 (file)
--- a/libarchive/archive_read_support_format_zip.c
+++ b/libarchive/archive_read_support_format_zip.c
@@ -2325,6 +2325,15 @@ zip_read_data_zipx_zstd(struct archive_read *a, const void **buff,
        }
 
        in_bytes = zipmin(zip->entry_bytes_remaining, bytes_avail);
+       if(in_bytes < 1) {
+               /* zstd doesn't complain when caller feeds avail_in == 0.
+                * It will actually return success in this case, which is
+                * undesirable. This is why we need to make this check
+                * manually. */
+               archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+                   "Truncated zstd file body");
+               return (ARCHIVE_FATAL);
+       }
 
        /* Setup buffer boundaries */
        in.src = compressed_buff;