From 7b8728fea81bd139b8dc976e8d63e6e1f6b9f597 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger
Date: Sat, 31 Mar 2018 22:48:25 +0200
Subject: [PATCH] Check size of the extended time field in zip archives

Reported-By: OSS-Fuzz issue 4969
---
 libarchive/archive_read_support_format_zip.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
index 784160070..18f0d04e5 100644
--- a/libarchive/archive_read_support_format_zip.c
+++ b/libarchive/archive_read_support_format_zip.c
@@ -511,7 +511,13 @@ process_extra(struct archive_read *a, const char *p, size_t extra_length, struct
 case 0x5455:
 {
 /* Extended time field "UT". */
- int flags = p[offset];
+ int flags;
+ if (datasize == 0) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Incomplete extended time field");
+ return ARCHIVE_FAILED;
+ }
+ flags = p[offset];
 offset++;
 datasize--;
 /* Flag bits indicate which dates are present. */
-- 
2.47.2
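Review bot: The new `datasize == 0` guard protects only the single flags byte read at `flags = p[offset]`; the date reads that the flag bits select presumably follow below the hunk, so confirm each of them checks the remaining `datasize` before it reads. A short comment above the guard would record why it exists, for example `/* "UT" data starts with a mandatory flags byte; an empty field would read past the field data. */`. Since `p` is declared `const char *` in the signature, `flags = (unsigned char)p[offset];` would also keep a flags byte of 0x80 or above from sign-extending into `int` on signed-char targets. The `case 0x5455` block and the rest of process_extra continue outside the hunk.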