You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 lines
1.6 KiB
47 lines
1.6 KiB
diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c |
|
index a675d1b..9847f1c 100644 |
|
--- a/libgcab/cabinet.c |
|
+++ b/libgcab/cabinet.c |
|
@@ -460,18 +460,38 @@ cdata_read (cdata_t *cd, u1 res_data, gint comptype, |
|
gboolean success = FALSE; |
|
int ret, zret = Z_OK; |
|
gint compression = comptype & GCAB_COMPRESSION_MASK; |
|
- guint8 *buf = compression == GCAB_COMPRESSION_NONE ? cd->out : cd->in; |
|
+ gsize buf_sz; |
|
+ guint8 *buf = NULL; |
|
CHECKSUM datacsum; |
|
|
|
- if (compression > GCAB_COMPRESSION_MSZIP && |
|
- compression != GCAB_COMPRESSION_LZX) { |
|
+ /* decompress directly into ->out for no decompression */ |
|
+ switch (compression) { |
|
+ case GCAB_COMPRESSION_NONE: |
|
+ buf = cd->out; |
|
+ buf_sz = sizeof(cd->out); |
|
+ break; |
|
+ case GCAB_COMPRESSION_MSZIP: |
|
+ case GCAB_COMPRESSION_LZX: |
|
+ buf = cd->in; |
|
+ buf_sz = sizeof(cd->in); |
|
+ break; |
|
+ default: |
|
g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED, |
|
_("unsupported compression method %d"), compression); |
|
- return FALSE; |
|
+ break; |
|
} |
|
+ if (buf == NULL) |
|
+ return FALSE; |
|
|
|
R4 (cd->checksum); |
|
R2 (cd->ncbytes); |
|
+ if (cd->ncbytes > buf_sz) { |
|
+ g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED, |
|
+ "tried to decompress %" G_GUINT16_FORMAT " bytes " |
|
+ "into buffer of size %" G_GSIZE_FORMAT, |
|
+ cd->ncbytes, buf_sz); |
|
+ return FALSE; |
|
+ } |
|
R2 (cd->nubytes); |
|
cd->reserved = g_malloc (res_data); |
|
RN (cd->reserved, res_data);
|
|
|