Browse code
bb #9733: CAB unpacking fix
David Raynor authored on 2013/12/21 07:24:40Showing 1 changed files
| ... | ... |
@@ -648,7 +648,7 @@ int mszip_decompress(struct mszip_stream *zip, uint32_t out_bytes) {
|
| 648 | 648 |
|
| 649 | 649 |
/* flush out any stored-up bytes before we begin */ |
| 650 | 650 |
i = zip->o_end - zip->o_ptr; |
| 651 |
- if ((off_t) i > out_bytes) i = (int) out_bytes; |
|
| 651 |
+ if (((off_t) i > out_bytes) && ((int) out_bytes >= 0)) i = (int) out_bytes; |
|
| 652 | 652 |
if (i) {
|
| 653 | 653 |
if (zip->wflag && (ret = mspack_write(zip->ofd, zip->o_ptr, i, zip->file)) != CL_SUCCESS) {
|
| 654 | 654 |
return zip->error = ret; |
| ... | ... |
@@ -1120,7 +1120,7 @@ int lzx_decompress(struct lzx_stream *lzx, uint32_t out_bytes) {
|
| 1120 | 1120 |
|
| 1121 | 1121 |
/* flush out any stored-up bytes before we begin */ |
| 1122 | 1122 |
i = lzx->o_end - lzx->o_ptr; |
| 1123 |
- if ((off_t) i > out_bytes) i = (int) out_bytes; |
|
| 1123 |
+ if (((off_t) i > out_bytes) && ((int) out_bytes >= 0)) i = (int) out_bytes; |
|
| 1124 | 1124 |
if (i) {
|
| 1125 | 1125 |
if (lzx->wflag && (ret = mspack_write(lzx->ofd, lzx->o_ptr, i, lzx->file)) != CL_SUCCESS) {
|
| 1126 | 1126 |
return lzx->error = ret; |
| ... | ... |
@@ -1852,7 +1852,7 @@ int qtm_decompress(struct qtm_stream *qtm, uint32_t out_bytes) {
|
| 1852 | 1852 |
|
| 1853 | 1853 |
/* flush out any stored-up bytes before we begin */ |
| 1854 | 1854 |
i = qtm->o_end - qtm->o_ptr; |
| 1855 |
- if ((off_t) i > out_bytes) i = (int) out_bytes; |
|
| 1855 |
+ if (((off_t) i > out_bytes) && ((int) out_bytes >= 0)) i = (int) out_bytes; |
|
| 1856 | 1856 |
if (i) {
|
| 1857 | 1857 |
if (qtm->wflag && (ret = mspack_write(qtm->ofd, qtm->o_ptr, i, qtm->file)) != CL_SUCCESS) {
|
| 1858 | 1858 |
return qtm->error = ret; |