diff options
Diffstat (limited to 'updater')
| -rw-r--r-- | updater/install.cpp | 6 | ||||
| -rw-r--r-- | updater/target_files.cpp | 7 | ||||
| -rw-r--r-- | updater/updater.cpp | 7 |
3 files changed, 19 insertions, 1 deletions
diff --git a/updater/install.cpp b/updater/install.cpp index cfa4d9d82..295965047 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -35,6 +35,7 @@ #include <unistd.h> #include <utime.h> +#include <limits> #include <memory> #include <string> #include <vector> @@ -172,6 +173,11 @@ Value* PackageExtractFileFn(const char* name, State* state, } std::string buffer; + if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) { + return ErrorAbort(state, kPackageExtractFileFailure, + "%s(): Entry `%s` Uncompressed size exceeds size of address space.", name, + zip_path.c_str()); + } buffer.resize(entry.uncompressed_length); int32_t ret = diff --git a/updater/target_files.cpp b/updater/target_files.cpp index 951923293..207146f52 100644 --- a/updater/target_files.cpp +++ b/updater/target_files.cpp @@ -137,6 +137,13 @@ bool TargetFile::ReadEntryToString(const std::string_view name, std::string* con return true; } + if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) { + LOG(ERROR) << "Failed to extract " << name + << " because's uncompressed size exceeds size of address space. " + << entry.uncompressed_length; + return false; + } + content->resize(entry.uncompressed_length); if (auto extract_err = ExtractToMemory( handle_, &entry, reinterpret_cast<uint8_t*>(&content->at(0)), entry.uncompressed_length); diff --git a/updater/updater.cpp b/updater/updater.cpp index 73ca0e532..c52673462 100644 --- a/updater/updater.cpp +++ b/updater/updater.cpp @@ -170,7 +170,12 @@ bool Updater::ReadEntryToString(ZipArchiveHandle za, const std::string& entry_na << " in the package: " << ErrorCodeString(find_err); return false; } - + if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) { + LOG(ERROR) << "Failed to extract " << entry_name + << " because's uncompressed size exceeds size of address space. " + << entry.uncompressed_length; + return false; + } content->resize(entry.uncompressed_length); int extract_err = ExtractToMemory(za, &entry, reinterpret_cast<uint8_t*>(&content->at(0)), entry.uncompressed_length); |