Merge pull request #169 from keentux/parse-root-dir-extra

parse_root_dir: Verify size of extra obtained
gdraheim · Aug 6, 2024 · 3a1a0f8 · 3a1a0f8
2 parents c862f96 + 550e30e
commit 3a1a0f8
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/zzip/zip.c b/zzip/zip.c
@@ -525,7 +525,8 @@ __zzip_parse_root_directory(int fd, struct _disk_trailer* trailer, struct zzip_d
         hdr->d_namlen         = u_namlen;
 
         /* looking for ZIP64 extras when csize on intmax */
-        if (u_extras && (hdr->d_csize & 0xFFFFu == 0xFFFFu)) {
+        if (u_extras >= __sizeof(struct zzip_extra_zip64) &&
+            (hdr->d_csize & 0xFFFFu == 0xFFFFu)) {
             DBG3("%i extras bytes (%i)", u_extras, sizeof(struct zzip_extra_zip64));
             zzip_off64_t zz_extras = zz_offset + sizeof(*d) + u_namlen;
             zzip_byte_t* extras_ptr;