Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

changed/fixed: add some sanity checks to rar code to avoid crashes wi…

…th corrupt archives.
  • Loading branch information...
commit f0b48373c738ee7f6edf274098e8bc33b985a4d9 1 parent dab7e1a
spiff authored
Showing with 15 additions and 0 deletions.
  1. +12 −0 lib/UnrarXLib/rar.cpp
  2. +3 −0  xbmc/filesystem/RarDirectory.cpp
12 lib/UnrarXLib/rar.cpp
View
@@ -345,6 +345,13 @@ int urarlib_list(char *rarfile, ArchiveList_struct **ppList, char *libpassword,
if (!*ppList)
*ppList = pCurr;
pCurr->item.NameSize = strlen(pArc->NewLhd.FileName);
+ // sanity check - if it fails the archive is likely corrupt
+ if (pCurr->item.NameSize > NM)
+ {
+ File::RemoveCreated();
+ return 0;
+ }
+
pCurr->item.Name = (char *)malloc(pCurr->item.NameSize + 1);
strcpy(pCurr->item.Name, pArc->NewLhd.FileName);
pCurr->item.NameW = (wchar *)malloc((pCurr->item.NameSize + 1)*sizeof(wchar));
@@ -365,6 +372,11 @@ int urarlib_list(char *rarfile, ArchiveList_struct **ppList, char *libpassword,
break;
}
iOffset = pArc->NextBlockPos;
+ if (iOffset > pArc->FileLength())
+ {
+ File::RemoveCreated();
+ return 0;
+ }
pArc->SeekToNext();
}
if (pCmd->VolSize!=0 && ((pArc->NewLhd.Flags & LHD_SPLIT_AFTER) || (pArc->GetHeaderType()==ENDARC_HEAD && (pArc->EndArcHead.Flags & EARC_NEXT_VOLUME)!=0)))
3  xbmc/filesystem/RarDirectory.cpp
View
@@ -71,7 +71,10 @@ namespace XFILE
return( true);
}
else
+ {
+ CLog::Log(LOGWARNING,"%s: rar lib returned no files in archive %s, likely corrupt",__FUNCTION__,strArchive.c_str());
return( false );
+ }
}
bool CRarDirectory::Exists(const char* strPath)
Please sign in to comment.
Something went wrong with that request. Please try again.