package/source/zipapi/ZipFile.cxx |    8 ++++++++
 1 file changed, 8 insertions(+)

New commits:
commit fb1bf9f1fda915b30864e9ad23545930ea6d25fd
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Oct 22 19:41:10 2022 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Oct 27 09:47:54 2022 +0200

    cid#1242675 Untrusted value as argument
    
    Change-Id: If8ecad4501d6c555791eae0ae113a34e05f9436f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141670
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index c59035919bb8..828033688189 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -812,6 +812,13 @@ void ZipFile::readLOC( ZipEntry &rEntry )
     aGrabber.ReadInt32(); //size
     sal_Int16 nPathLen = aGrabber.ReadInt16();
     sal_Int16 nExtraLen = aGrabber.ReadInt16();
+
+    if (nPathLen < 0)
+    {
+        SAL_WARN("package", "bogus path len of: " << nPathLen);
+        nPathLen = 0;
+    }
+
     rEntry.nOffset = aGrabber.getPosition() + nPathLen + nExtraLen;
 
     // FIXME64: need to read 64bit LOC
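Review bot: `nExtraLen` is read from the same untrusted local header as `nPathLen` and is also a signed `sal_Int16`, but only `nPathLen` gets the new negative check, so a negative `nExtraLen` still pulls `rEntry.nOffset` backwards in the addition right after the guard. The same guard would cover it: `if (nExtraLen < 0) { SAL_WARN("package", "bogus extra len of: " << nExtraLen); nExtraLen = 0; }`. The ZIP format stores both lengths as unsigned 16-bit fields, so a negative reading means a stored length of 0x8000 or more. Clamping to 0 keeps the later allocation safe but leaves `nOffset` computed from a length the file did not declare. Whether the entry is then rejected depends on the rest of readLOC, which lies outside this hunk, so a one-line comment on the clamp saying why parsing continues would help.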
@@ -821,6 +828,7 @@ void ZipFile::readLOC( ZipEntry &rEntry )
     try
     {
         // read always in UTF8, some tools seem not to set UTF8 bit
+        // coverity[tainted_data] - we've checked negative lens, and up to max short is ok here
         uno::Sequence<sal_Int8> aNameBuffer(nPathLen);
         sal_Int32 nRead = aGrabber.readBytes(aNameBuffer, nPathLen);
         if (nRead < aNameBuffer.getLength())
