diff options
| author | Tianjie Xu <xunchang@google.com> | 2016-10-07 00:23:01 +0000 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2016-10-07 00:23:01 +0000 |
| commit | f0ce69815fed6b66900c926e716434c34d85a112 (patch) | |
| tree | 78ce37827ed13e1531533127d77a2a2e24525f7f | |
| parent | 3a53e2ce0440ca58ec00ead43c92e285452f1d1c (diff) | |
| parent | 680c3f1dc422bd72827428f8459c99785c4ee872 (diff) | |
| download | core-f0ce69815fed6b66900c926e716434c34d85a112.tar.gz | |
Fix out of bound access in libziparchive am: 1ee4892e66 am: c24dd97654 am: 8788591224 am: 167562aa76 am: 398adf9b55
am: 680c3f1dc4
Change-Id: Ibd3e65922bb05b1247018d6dc89d3f79cf0eedd2
| -rw-r--r-- | libziparchive/zip_archive.cc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc index cc39aa5fe..a17091f95 100644 --- a/libziparchive/zip_archive.cc +++ b/libziparchive/zip_archive.cc @@ -463,9 +463,14 @@ static int32_t MapCentralDirectory0(int fd, const char* debug_file_name, * Grab the CD offset and size, and the number of entries in the * archive and verify that they look reasonable. */ - if (eocd->cd_start_offset + eocd->cd_size > eocd_offset) { + if (static_cast<off64_t>(eocd->cd_start_offset) + eocd->cd_size > eocd_offset) { ALOGW("Zip: bad offsets (dir %" PRIu32 ", size %" PRIu32 ", eocd %" PRId64 ")", eocd->cd_start_offset, eocd->cd_size, static_cast<int64_t>(eocd_offset)); +#if defined(__ANDROID__) + if (eocd->cd_start_offset + eocd->cd_size <= eocd_offset) { + android_errorWriteLog(0x534e4554, "31251826"); + } +#endif return kInvalidOffset; } if (eocd->num_records == 0) { |