You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 lines
1.6 KiB
48 lines
1.6 KiB
6 years ago
|
diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c
|
||
|
|
index a675d1b..9847f1c 100644
|
||
|
|
--- a/libgcab/cabinet.c
|
||
|
|
+++ b/libgcab/cabinet.c
|
||
|
|
@@ -460,18 +460,38 @@ cdata_read (cdata_t *cd, u1 res_data, gint comptype,
|
||
|
|
gboolean success = FALSE;
|
||
|
|
int ret, zret = Z_OK;
|
||
|
|
gint compression = comptype & GCAB_COMPRESSION_MASK;
|
||
|
|
- guint8 *buf = compression == GCAB_COMPRESSION_NONE ? cd->out : cd->in;
|
||
|
|
+ gsize buf_sz;
|
||
|
|
+ guint8 *buf = NULL;
|
||
|
|
CHECKSUM datacsum;
|
||
|
|
|
||
|
|
- if (compression > GCAB_COMPRESSION_MSZIP &&
|
||
|
|
- compression != GCAB_COMPRESSION_LZX) {
|
||
|
|
+ /* decompress directly into ->out for no decompression */
|
||
|
|
+ switch (compression) {
|
||
|
|
+ case GCAB_COMPRESSION_NONE:
|
||
|
|
+ buf = cd->out;
|
||
|
|
+ buf_sz = sizeof(cd->out);
|
||
|
|
+ break;
|
||
|
|
+ case GCAB_COMPRESSION_MSZIP:
|
||
|
|
+ case GCAB_COMPRESSION_LZX:
|
||
|
|
+ buf = cd->in;
|
||
|
|
+ buf_sz = sizeof(cd->in);
|
||
|
|
+ break;
|
||
|
|
+ default:
|
||
|
|
g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED,
|
||
|
|
_("unsupported compression method %d"), compression);
|
||
|
|
- return FALSE;
|
||
|
|
+ break;
|
||
|
|
}
|
||
|
|
+ if (buf == NULL)
|
||
|
|
+ return FALSE;
|
||
|
|
|
||
|
|
R4 (cd->checksum);
|
||
|
|
R2 (cd->ncbytes);
|
||
|
|
+ if (cd->ncbytes > buf_sz) {
|
||
|
|
+ g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED,
|
||
|
|
+ "tried to decompress %" G_GUINT16_FORMAT " bytes "
|
||
|
|
+ "into buffer of size %" G_GSIZE_FORMAT,
|
||
|
|
+ cd->ncbytes, buf_sz);
|
||
|
|
+ return FALSE;
|
||
|
|
+ }
|
||
|
|
R2 (cd->nubytes);
|
||
|
|
cd->reserved = g_malloc (res_data);
|
||
|
|
RN (cd->reserved, res_data);
|