author | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-01-02 12:31:01 +0000 |
---|---|---|
committer | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-01-02 20:15:00 +0100 |
commit | 69181dd430543db21fc0e61b70033ef484708c1c (patch) | |
tree | 01f5e20c851151192b58c32b8eb42d6d998ac5e8 /package | |
parent | 4d8b5a91a76262d6dd58342b248e542ddea1fdaf (diff) |
ofz#65480: Integer-overflow
Change-Id: Ie771e6e37237907698e4c39eb50cd940500b86ca
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161540
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Diffstat (limited to 'package')
-rw-r--r-- | package/source/zipapi/ZipFile.cxx | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index 6137e3a0bb0a..474b73ff53db 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -1126,8 +1126,10 @@ sal_Int32 ZipFile::readCEN()
 aEntry.nSize = nSize;
 aEntry.nOffset = nOffset;
- aEntry.nOffset += nLocPos;
- aEntry.nOffset *= -1;
+ if (o3tl::checked_add<sal_Int64>(aEntry.nOffset, nLocPos, aEntry.nOffset))
+ throw ZipException("Integer-overflow");
+ if (o3tl::checked_multiply<sal_Int64>(aEntry.nOffset, -1, aEntry.nOffset))
+ throw ZipException("Integer-overflow");
 aMemGrabber.skipBytes(nCommentLen);
 aEntries[aEntry.sPath] = aEntry; |
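Review bot: The two new checks in readCEN() reject only arithmetic wrap-around, so a sum of `aEntry.nOffset` and `nLocPos` that comes out negative still passes and is then negated into a positive value. Whether either operand can be negative at this point is decided outside the hunk, so this needs confirming against the rest of the function; if it can, testing the sign after the add, `if (aEntry.nOffset < 0) throw ZipException("entry offset out of range");`, covers that case and makes the `checked_multiply` by -1 unnecessary, since only the minimum sal_Int64 value overflows on negation. Both throws also carry the same text `"Integer-overflow"`, which names the fuzzer finding rather than the malformed field, so a message naming the central-directory entry offset would make a rejected archive easier to triage. A one-line comment stating why the offset is stored negated would help as well, as the reason is not visible in these lines.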