From 287c71ca84533da008e9cc240224910a9d05139e Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Tue, 16 Jun 2009 17:36:04 -0700 Subject: fix decompression bug in fastboot fastboot passes the *uncompressed* length of the file as the length of the input to the inflate() call, which happens to work unless the compressed data is actually larger than the uncompressed data (which it can be for very small files). Fix this to pass the correct compressed length down to the inflate call. --- libzipfile/centraldir.c | 15 ++++++--------- libzipfile/zipfile.c | 8 ++++---- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/libzipfile/centraldir.c b/libzipfile/centraldir.c index 4387cebaa..0391c0995 100644 --- a/libzipfile/centraldir.c +++ b/libzipfile/centraldir.c @@ -13,7 +13,7 @@ enum { // central directory entries ENTRY_SIGNATURE = 0x02014b50, ENTRY_LEN = 46, // CentralDirEnt len, excl. var fields - + // local file header LFH_SIZE = 30, }; @@ -73,8 +73,6 @@ read_central_directory_entry(Zipfile* file, Zipentry* entry, unsigned short lastModFileTime; unsigned short lastModFileDate; unsigned long crc32; - unsigned long compressedSize; - unsigned long uncompressedSize; unsigned short extraFieldLength; unsigned short fileCommentLength; unsigned short diskNumberStart; @@ -85,7 +83,7 @@ read_central_directory_entry(Zipfile* file, Zipentry* entry, const unsigned char* fileComment; unsigned int dataOffset; unsigned short lfhExtraFieldSize; - + p = *buf; @@ -106,7 +104,7 @@ read_central_directory_entry(Zipfile* file, Zipentry* entry, lastModFileTime = read_le_short(&p[0x0c]); lastModFileDate = read_le_short(&p[0x0e]); crc32 = read_le_int(&p[0x10]); - compressedSize = read_le_int(&p[0x14]); + entry->compressedSize = read_le_int(&p[0x14]); entry->uncompressedSize = read_le_int(&p[0x18]); entry->fileNameLength = read_le_short(&p[0x1c]); extraFieldLength = read_le_short(&p[0x1e]); 
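Review bot: In the `@@ -106,7 +104,7 @@` hunk of libzipfile/centraldir.c, `entry->compressedSize = read_le_int(&p[0x14]);` stores a length taken directly from the archive's central directory, and no line visible in this patch checks it against the size of the buffer behind `file->buf`. Because this commit makes that field the input length handed to inflate(), a malformed or hostile entry could presumably make the decompressor read past the end of the loaded file. Once `dataOffset` is computed (in the `@@ -141,14 +139,14 @@` hunk), the entry should be rejected unless both the offset and the compressed size fit, e.g. `if (dataOffset > FILE_LEN || entry->compressedSize > FILE_LEN - dataOffset) /* fail this entry */`. FILE_LEN is a placeholder for the length of `file->buf`, whose field name is not shown on this page. read_central_directory_entry starts and ends outside these hunks, so an equivalent check may already exist elsewhere in the function.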
@@ -141,14 +139,14 @@ read_central_directory_entry(Zipfile* file, Zipentry* entry, fileComment = NULL; } p += fileCommentLength; - + *buf = p; // the size of the extraField in the central dir is how much data there is, // but the one in the local file header also contains some padding. p = file->buf + localHeaderRelOffset; extraFieldLength = read_le_short(&p[0x1c]); - + dataOffset = localHeaderRelOffset + LFH_SIZE + entry->fileNameLength + extraFieldLength; entry->data = file->buf + dataOffset; @@ -243,7 +241,7 @@ read_central_dir(Zipfile *file) free(entry); goto bail; } - + // add it to our list entry->next = file->entries; file->entries = entry; @@ -253,4 +251,3 @@ read_central_dir(Zipfile *file) bail: return -1; } - diff --git a/libzipfile/zipfile.c b/libzipfile/zipfile.c index b52d02df7..a401a9b16 100644 --- a/libzipfile/zipfile.c +++ b/libzipfile/zipfile.c @@ -82,13 +82,13 @@ uninflate(unsigned char* out, int unlen, const unsigned char* in, int clen) unsigned long crc; int err = 0; int zerr; - + memset(&zstream, 0, sizeof(zstream)); zstream.zalloc = Z_NULL; zstream.zfree = Z_NULL; zstream.opaque = Z_NULL; zstream.next_in = (void*)in; - zstream.avail_in = unlen; + zstream.avail_in = clen; zstream.next_out = (Bytef*) out; zstream.avail_out = unlen; zstream.data_type = Z_UNKNOWN; @@ -99,7 +99,7 @@ uninflate(unsigned char* out, int unlen, const unsigned char* in, int clen) if (zerr != Z_OK) { return -1; } - + // uncompress the data zerr = inflate(&zstream, Z_FINISH); if (zerr != Z_STREAM_END) { @@ -107,7 +107,7 @@ uninflate(unsigned char* out, int unlen, const unsigned char* in, int clen) zstream.total_out); err = -1; } - + inflateEnd(&zstream); return err; } -- cgit v1.2.3
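Review bot: In the `@@ -82,13 +82,13 @@` hunk of libzipfile/zipfile.c, `zstream.avail_in = clen;` assigns a signed `int` parameter to zlib's unsigned `avail_in`, so a 32-bit size above INT_MAX in the archive would presumably arrive as a negative `clen` and turn into a very large input length; `unlen` has the same exposure on `avail_out`. A guard at the top of uninflate, `if (unlen < 0 || clen < 0) return -1;`, keeps such sizes away from inflate(). It would also be worth failing when `zstream.total_out != (unsigned long)unlen` after Z_STREAM_END, since a stream that ends early leaves the tail of `out` unwritten while the caller still assumes `unlen` bytes. uninflate begins before this hunk and continues into the next one.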