parse_root_dir: Verify size of extra obtained

* Fix the issue #164 where extra_ptr could be alocated without enough bytes to check the magic value. Signed-off-by: vlefebvre <valentin.lefebvre@suse.com>
gdraheim · Aug 6, 2024 · 550e30e · 550e30e
1 parent c862f96
commit 550e30e
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/zzip/zip.c b/zzip/zip.c
@@ -525,7 +525,8 @@ __zzip_parse_root_directory(int fd, struct _disk_trailer* trailer, struct zzip_d
         hdr->d_namlen         = u_namlen;
 
         /* looking for ZIP64 extras when csize on intmax */
-        if (u_extras && (hdr->d_csize & 0xFFFFu == 0xFFFFu)) {
+        if (u_extras >= __sizeof(struct zzip_extra_zip64) &&
+            (hdr->d_csize & 0xFFFFu == 0xFFFFu)) {
             DBG3("%i extras bytes (%i)", u_extras, sizeof(struct zzip_extra_zip64));
             zzip_off64_t zz_extras = zz_offset + sizeof(*d) + u_namlen;
             zzip_byte_t* extras_ptr;