File CVE-2020-18770.patch of Package zziplib
From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 26 Feb 2024 23:17:12 +0100
Subject: [PATCH] #69 assert full zzip_file_header
---
zzip/mmapped.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/zzip/mmapped.c b/zzip/mmapped.c
index 2071882..306ba51 100644
--- a/zzip/mmapped.c
+++ b/zzip/mmapped.c
@@ -276,7 +276,8 @@ struct zzip_file_header *
zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
{
zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
- if (disk->buffer > ptr || ptr >= disk->endbuf)
+ zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
+ if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
{
debug2("file header: offset out of bounds (0x%llx)", (long long unsigned)(disk->buffer));
errno = EBADMSG;
--
2.35.3
