]> git.ipfire.org Git - thirdparty/libarchive.git/commitdiff
7zip: Simplify decode_encoded_header_info
authorTobias Stoeckmann <tobias@stoeckmann.org>
Thu, 25 Jun 2026 18:58:13 +0000 (20:58 +0200)
committerTobias Stoeckmann <tobias@stoeckmann.org>
Fri, 26 Jun 2026 17:23:40 +0000 (19:23 +0200)
With correct data types in place, simplify the overflow check by using
checked arithmetic and simple comparison.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
libarchive/archive_read_support_format_7zip.c

index 0d4da2a7b58893cfd1b7fb5d65d412d5db412990..df332d07642b30096e20b34aee3a14b650345168 100644 (file)
@@ -3200,6 +3200,7 @@ static int
 decode_encoded_header_info(struct archive_read *a, struct _7z_stream_info *si)
 {
        struct _7zip *zip = (struct _7zip *)a->format->data;
+       int64_t pi_end;
 
        errno = 0;
        if (read_StreamsInfo(a, si) < 0) {
@@ -3217,9 +3218,12 @@ decode_encoded_header_info(struct archive_read *a, struct _7z_stream_info *si)
                return (ARCHIVE_FATAL);
        }
 
-       if (zip->header_offset < si->pi.pos + si->pi.sizes[0] ||
-           si->pi.pos + si->pi.sizes[0] < 0 ||
-           si->pi.sizes[0] == 0 || si->pi.pos < 0) {
+       if (archive_ckd_add_i64(&pi_end, si->pi.pos, si->pi.sizes[0])) {
+               archive_set_error(&a->archive, -1, "Malformed 7-Zip archive");
+               return (ARCHIVE_FATAL);
+       }
+
+       if (zip->header_offset < pi_end) {
                archive_set_error(&a->archive, -1, "Malformed Header offset");
                return (ARCHIVE_FATAL);
        }