File CVE-2023-1576.patch of Package p7zip.40594

Index: b/CPP/7zip/Archive/Zip/ZipIn.cpp
===================================================================
--- a/CPP/7zip/Archive/Zip/ZipIn.cpp
+++ b/CPP/7zip/Archive/Zip/ZipIn.cpp
@@ -1095,6 +1095,7 @@ HRESULT CInArchive::FindCd(bool checkOff
     
     if (i >= kEcd64Locator_Size)
     {
+      const size_t locatorIndex = i - kEcd64Locator_Size;
       const Byte *locatorPtr = buf + i - kEcd64Locator_Size;
       if (Get32(locatorPtr) == NSignature::kEcd64Locator)
       {
@@ -1110,6 +1111,7 @@ HRESULT CInArchive::FindCd(bool checkOff
           // we try relative backward reading.
 
           UInt64 absEcd64 = endPos - bufSize + i - (kEcd64Locator_Size + kEcd64_FullSize);
+          if (locatorIndex >= kEcd64_FullSize)
           if (checkOffsetMode || absEcd64 == locator.Ecd64Offset)
           {
             const Byte *ecd64 = locatorPtr - kEcd64_FullSize;

Places

File CVE-2023-1576.patch of Package p7zip.40594

Places