Fixed ASAN integer-overflow if cd_offset + cd_size > INT64_MAX.

https://oss-fuzz.com/testcase-detail/6499546186252288
zlib-ng · Jan 30, 2021 · 2bc5f17 · 2bc5f17
1 parent 6f17da5
commit 2bc5f17
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/mz_zip.c b/mz_zip.c
@@ -1072,7 +1072,7 @@ static int32_t mz_zip_read_cd(void *handle) {
         if (eocd_pos < zip->cd_offset) {
             /* End of central dir should always come after central dir */
             err = MZ_FORMAT_ERROR;
-        } else if (eocd_pos < zip->cd_offset + zip->cd_size) {
+        } else if (eocd_pos < (uint64_t)zip->cd_offset + zip->cd_size) {
             /* Truncate size of cd if incorrect size or offset provided */
             zip->cd_size = eocd_pos - zip->cd_offset;
         }