aboutsummaryrefslogtreecommitdiff
path: root/libgo/go/archive/zip/reader.go
diff options
context:
space:
mode:
Diffstat (limited to 'libgo/go/archive/zip/reader.go')
-rw-r--r--libgo/go/archive/zip/reader.go7
1 files changed, 6 insertions, 1 deletions
diff --git a/libgo/go/archive/zip/reader.go b/libgo/go/archive/zip/reader.go
index c10f29a..f19cf2d 100644
--- a/libgo/go/archive/zip/reader.go
+++ b/libgo/go/archive/zip/reader.go
@@ -353,6 +353,11 @@ func readDirectoryEnd(r io.ReaderAt, size int64) (dir *directoryEnd, err error)
if err != nil {
return nil, err
}
+
+ // Make sure directoryOffset points to somewhere in our file.
+ if o := int64(d.directoryOffset); o < 0 || o >= size {
+ return nil, ErrFormat
+ }
return d, nil
}
@@ -407,7 +412,7 @@ func findSignatureInBlock(b []byte) int {
if b[i] == 'P' && b[i+1] == 'K' && b[i+2] == 0x05 && b[i+3] == 0x06 {
// n is length of comment
n := int(b[i+directoryEndLen-2]) | int(b[i+directoryEndLen-1])<<8
- if n+directoryEndLen+i == len(b) {
+ if n+directoryEndLen+i <= len(b) {
return i
}
}
generated by cgit v1.1 at 2025-04-02 07:13:06 +0000