external/subpack/utils/unzip/patches/007-integer-underflow-csiz_decrypted.patch - T108 - Gitiles

 --- a/extract.c
 +++ b/extract.c
 @@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G
          if (G.lrec.compression_method == STORED) {
              zusz_t csiz_decrypted = G.lrec.csize;

 -            if (G.pInfo->encrypted)
 +            if (G.pInfo->encrypted) {
 +                if (csiz_decrypted <= 12) {
 +                    /* handle the error now to prevent unsigned overflow */
 +                    Info(slide, 0x401, ((char *)slide,
 +                      LoadFarStringSmall(ErrUnzipNoFile),
 +                      LoadFarString(InvalidComprData),
 +                      LoadFarStringSmall2(Inflate)));
 +                    return PK_ERR;
 +                }
                  csiz_decrypted -= 12;
 +            }
              if (G.lrec.ucsize != csiz_decrypted) {
                  Info(slide, 0x401, ((char *)slide,
                    LoadFarStringSmall2(WrnStorUCSizCSizDiff),
	--- a/extract.c
	+++ b/extract.c
	@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G
	if (G.lrec.compression_method == STORED) {
	zusz_t csiz_decrypted = G.lrec.csize;

	- if (G.pInfo->encrypted)
	+ if (G.pInfo->encrypted) {
	+ if (csiz_decrypted <= 12) {
	+ /* handle the error now to prevent unsigned overflow */
	+ Info(slide, 0x401, ((char *)slide,
	+ LoadFarStringSmall(ErrUnzipNoFile),
	+ LoadFarString(InvalidComprData),
	+ LoadFarStringSmall2(Inflate)));
	+ return PK_ERR;
	+ }
	csiz_decrypted -= 12;
	+ }
	if (G.lrec.ucsize != csiz_decrypted) {
	Info(slide, 0x401, ((char *)slide,
	LoadFarStringSmall2(WrnStorUCSizCSizDiff),