Bug 1211262: Ensure that STORED entries in ZIP are considered corrupt if compressed and uncompressed sizes differ; r=mwu, a=lizzard
author Aaron Klotz <aklotz@mozilla.com>
Tue, 13 Oct 2015 12:20:25 -0600
changeset 289558 db9d3e806685
parent 289557 9900f2a423ce
child 289559 6398da8b9482
push id 5187
push user aklotz@mozilla.com
push date 2015-10-15 17:33 +0000
treeherder mozilla-beta@db9d3e806685
reviewers mwu, lizzard
bugs 1211262
milestone 42.0
modules/libjar/nsZipArchive.cpp
--- a/modules/libjar/nsZipArchive.cpp
+++ b/modules/libjar/nsZipArchive.cpp
@@ -836,18 +836,20 @@ const uint8_t* nsZipArchive::GetData(nsZ
 {
   PR_ASSERT (aItem);
 MOZ_WIN_MEM_TRY_BEGIN
   uint32_t offset = GetDataOffset(aItem);
 
   // -- check if there is enough source data in the file
   if (!offset ||
       mFd->mLen < aItem->Size() ||
-      offset > mFd->mLen - aItem->Size())
+      offset > mFd->mLen - aItem->Size() ||
+      (aItem->Compression() == STORED && aItem->Size() != aItem->RealSize())) {
     return nullptr;
+  }
 
   return mFd->mFileData + offset;
 MOZ_WIN_MEM_TRY_CATCH(return nullptr)
 }
 
 // nsZipArchive::GetComment
 bool nsZipArchive::GetComment(nsACString &aComment)
 {
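
Review bot: The comment above the condition in GetData ("check if there is enough source data in the file") no longer describes the new last clause, `aItem->Compression() == STORED && aItem->Size() != aItem->RealSize()`, which is a consistency check on the entry's metadata rather than a bounds check. The bounds clauses validate only `aItem->Size()` bytes starting at `offset`, so the new clause matters for any caller that reads `RealSize()` bytes from the returned pointer for a STORED entry; that reasoning belongs in a comment, and the clause would read more clearly as its own `if` returning nullptr. Because the check runs only on the GetData path, it is worth confirming that no other reader of STORED entries relies on `RealSize()` without going through this function, and adding a test archive containing a STORED entry whose two sizes differ.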