package/source/zipapi/ZipFile.cxx | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)
New commits: commit b9ecff61e1ba9edfd7a49659221a829c329d7368 Author: Michael Stahl <[email protected]> AuthorDate: Tue Jul 2 11:47:17 2024 +0200 Commit: Christian Lohmaier <[email protected]> CommitDate: Wed Jul 10 11:46:11 2024 +0200 package: ZipFile: don't accept duplicate CEN entries Change-Id: Ice341a11346b445c555cba276bf2284e4f9b6685 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169881 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 67cb6af482bc5b0f4d310f0a42a85057f3db0267) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169945 Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit a4f85170623b40d33b914d95be109f6e8fe3c8fa) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169953 Reviewed-by: Ilmari Lauhakangas <[email protected]> Reviewed-by: Christian Lohmaier <[email protected]> Tested-by: Christian Lohmaier <[email protected]> diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx index 72788b625d00..b19ebaf2c5e2 100644 --- a/package/source/zipapi/ZipFile.cxx +++ b/package/source/zipapi/ZipFile.cxx @@ -1153,7 +1153,15 @@ sal_Int32 ZipFile::readCEN() continue; // This is a directory entry, not a stream - skip it } - aEntries[aEntry.sPath] = aEntry; + if (auto it = aEntries.find(aEntry.sPath); it == aEntries.end()) + { + aEntries[aEntry.sPath] = aEntry; + } + else + { + SAL_INFO("package", "Duplicate CEN entry: \"" << aEntry.sPath << "\""); + throw ZipException(u"Duplicate CEN entry"_ustr); + } } if (nCount != nTotal)
