package/source/zipapi/ZipFile.cxx |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit e4d598e350d39c7354b1855fb55108413f0f7114
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Apr 25 12:33:26 2023 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Tue Apr 25 15:49:20 2023 +0200

    tdf#155005 fail gracefully on encountering a negative compression value
    
    we are using sal_Int64 for this so a large enough value can be
    interpreted as negative here
    
    Change-Id: Id547a24591aca4b6ed7b7955621641a0666b0bd5
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150925
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Tested-by: Jenkins
    Tested-by: Caolán McNamara <caol...@redhat.com>
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/package/source/zipapi/ZipFile.cxx 
b/package/source/zipapi/ZipFile.cxx
index 828033688189..d5c6411e48a6 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -1204,6 +1204,12 @@ bool ZipFile::checkSizeAndCRC( const ZipEntry& aEntry )
     if( aEntry.nMethod == STORED )
         return ( getCRC( aEntry.nOffset, aEntry.nSize ) == aEntry.nCrc );
 
+    if (aEntry.nCompressedSize < 0)
+    {
+        SAL_WARN("package", "bogus compressed size of: " << 
aEntry.nCompressedSize);
+        return false;
+    }
+
     getSizeAndCRC( aEntry.nOffset, aEntry.nCompressedSize, &nSize, &nCRC );
     return ( aEntry.nSize == nSize && aEntry.nCrc == nCRC );
 }
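Review bot: The STORED branch just above the new guard still passes `aEntry.nSize` to `getCRC` unchecked, so the negative-size check only protects the deflated path. If `nSize` is the same signed 64-bit type as `nCompressedSize` (the commit message suggests this, but the declaration is not in the hunk), a malformed entry header could present a negative value there too; whether `getCRC` tolerates that is not visible here. Consider hoisting the guard above the `STORED` test and covering both fields, e.g. `if (aEntry.nCompressedSize < 0 || aEntry.nSize < 0)`, followed by the same `SAL_WARN` and `return false;`. The start of `checkSizeAndCRC` lies outside the hunk, so an earlier check may already exist.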
