summaryrefslogtreecommitdiffstats
path: root/libziparchive
diff options
context:
space:
mode:
authorTianjie Xu <xunchang@google.com>2016-10-07 00:30:02 +0000
committerandroid-build-merger <android-build-merger@google.com>2016-10-07 00:30:02 +0000
commit206150bf78b791601a0a9329557b1ff37bc94102 (patch)
tree1f253a5c1884545028a5ca2a391239e7f60f2856 /libziparchive
parent58a5e5a50bb9a8527cc06d54aae8f78fb4f34254 (diff)
parent6fb68bb196c6861c7fe9e6da8104dd278e625610 (diff)
downloadcore-206150bf78b791601a0a9329557b1ff37bc94102.tar.gz
core-206150bf78b791601a0a9329557b1ff37bc94102.tar.bz2
core-206150bf78b791601a0a9329557b1ff37bc94102.zip
Fix out of bound access in libziparchive am: 1ee4892e66 am: c24dd97654 am: 8788591224 am: 167562aa76 am: 398adf9b55 am: 680c3f1dc4 am: f0ce69815f
am: 6fb68bb196 Change-Id: Id8f75debfae94d35dbbee9799632cba3f72648d0
Diffstat (limited to 'libziparchive')
-rw-r--r--libziparchive/zip_archive.cc7
1 files changed, 6 insertions, 1 deletions
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc
index cc3f0e4d7..a1455b015 100644
--- a/libziparchive/zip_archive.cc
+++ b/libziparchive/zip_archive.cc
@@ -270,9 +270,14 @@ static int32_t MapCentralDirectory0(int fd, const char* debug_file_name,
* Grab the CD offset and size, and the number of entries in the
* archive and verify that they look reasonable.
*/
- if (eocd->cd_start_offset + eocd->cd_size > eocd_offset) {
+ if (static_cast<off64_t>(eocd->cd_start_offset) + eocd->cd_size > eocd_offset) {
ALOGW("Zip: bad offsets (dir %" PRIu32 ", size %" PRIu32 ", eocd %" PRId64 ")",
eocd->cd_start_offset, eocd->cd_size, static_cast<int64_t>(eocd_offset));
+#if defined(__ANDROID__)
+ if (eocd->cd_start_offset + eocd->cd_size <= eocd_offset) {
+ android_errorWriteLog(0x534e4554, "31251826");
+ }
+#endif
return kInvalidOffset;
}
if (eocd->num_records == 0) {