33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From 382a08fa0b21d46c44c46af39041324f304a9dfa Mon Sep 17 00:00:00 2001
|
|
From: Aaron Klotz <aklotz@mozilla.com>
|
|
Date: Tue, 13 Oct 2015 12:20:25 -0600
|
|
Subject: [PATCH] Bug 1211262: Ensure that STORED entries in ZIP are considered
|
|
corrupt if compressed and uncompressed sizes differ; r=mwu, a=ritu
|
|
|
|
--HG--
|
|
extra : source : 673d9f45b802f1fd1ffaaeae19d433622fe68a5e
|
|
extra : intermediate-source : db9d3e806685d72a2891830ffbc42ef3cde559ae
|
|
---
|
|
modules/libjar/nsZipArchive.cpp | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/modules/libjar/nsZipArchive.cpp b/modules/libjar/nsZipArchive.cpp
|
|
index bb1e21b..eaf22ac 100644
|
|
--- a/modules/libjar/nsZipArchive.cpp
|
|
+++ b/modules/libjar/nsZipArchive.cpp
|
|
@@ -828,8 +828,10 @@ MOZ_WIN_MEM_TRY_BEGIN
|
|
// -- check if there is enough source data in the file
|
|
if (!offset ||
|
|
mFd->mLen < aItem->Size() ||
|
|
- offset > mFd->mLen - aItem->Size())
|
|
+ offset > mFd->mLen - aItem->Size() ||
|
|
+ (aItem->Compression() == STORED && aItem->Size() != aItem->RealSize())) {
|
|
return nullptr;
|
|
+ }
|
|
|
|
return mFd->mFileData + offset;
|
|
MOZ_WIN_MEM_TRY_CATCH(return nullptr)
|
|
--
|
|
2.5.0
|
|
|