core.git: Branch 'libreoffice-24-2-5' - package/qa package/source

Wed, 10 Jul 2024 02:49:37 -0700 

 package/source/zipapi/ZipFile.cxx |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit 05506239d2719b99493c75cd3f22582a13f699e0
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Thu Jul 4 17:52:49 2024 +0200
Commit:     Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
CommitDate: Wed Jul 10 11:49:12 2024 +0200

    package: ZipFile: treat junk at the start of zip as invalid
    
    Probably the only legitimate use of such is self-extracting archives,
    irrelevant for LO.
    
    ofz56826-1.zip is an example; given what Info-Zip unzip prints about
    this file we don't want to successfully open it.
    
    Change-Id: I9568710227e4a152f9dc7bc356184394d7da8eba
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170002
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 2afdc61dd3138b383fb73dae2242ba1a9c8de901)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170009
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    (cherry picked from commit fca236e6fd7f1b42d8ed23907913036d8140d651)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/170229
    Tested-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>
    Reviewed-by: Ilmari Lauhakangas <ilmari.lauhakan...@libreoffice.org>
    Reviewed-by: Christian Lohmaier <lohmaier+libreoff...@googlemail.com>

diff --git a/package/qa/cppunit/data/pass/ofz56826-1.zip 
b/package/qa/cppunit/data/fail/ofz56826-1.zip
similarity index 100%
rename from package/qa/cppunit/data/pass/ofz56826-1.zip
rename to package/qa/cppunit/data/fail/ofz56826-1.zip
diff --git a/package/source/zipapi/ZipFile.cxx 
b/package/source/zipapi/ZipFile.cxx
index e9a515bc85c7..c7e10cb06e39 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -1077,6 +1077,7 @@ sal_Int32 ZipFile::readCEN()
 
         ZipEntry aEntry;
         sal_Int16 nCommentLen;
+        sal_Int64 nMinOffset{nEndPos};
 
         aEntries.reserve(nTotal);
         for (nCount = 0 ; nCount < nTotal; nCount++)
@@ -1141,6 +1142,7 @@ sal_Int32 ZipFile::readCEN()
 
             if (o3tl::checked_add<sal_Int64>(aEntry.nOffset, nLocPos, 
aEntry.nOffset))
                 throw ZipException("Integer-overflow");
+            nMinOffset = std::min(nMinOffset, aEntry.nOffset);
             if (o3tl::checked_multiply<sal_Int64>(aEntry.nOffset, -1, 
aEntry.nOffset))
                 throw ZipException("Integer-overflow");
 
@@ -1167,6 +1169,10 @@ sal_Int32 ZipFile::readCEN()
 
         if (nCount != nTotal)
             throw ZipException("Count != Total" );
+        if (nMinOffset != 0)
+        {
+            throw ZipException(u"Extra bytes at beginning of zip file"_ustr);
+        }
     }
     catch ( IllegalArgumentException & )
     {

Reply via email to