From 1f6a7d64622046f6b56c302c0f9ff34ae8c326c6 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@musicpd.org>
Date: Fri, 4 Sep 2020 14:11:33 +0200
Subject: [PATCH] archive/zzip: fix crash on corrupt ZIP file

Sometimes, zzip_file_read() returns 0 even though the end of the file
was not reached.  This causes assertion failures in
DecoderBridge::Read().

Closes https://github.com/MusicPlayerDaemon/MPD/issues/935
---
 NEWS                                      | 2 ++
 src/archive/plugins/ZzipArchivePlugin.cxx | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/NEWS b/NEWS
index 6ec3b242d..96a3c40bf 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ ver 0.21.26 (not yet released)
 * output
   - osx: fix crash bug
   - sles: support floating point samples
+* archive
+  - zzip: fix crash on corrupt ZIP file
 * decoder
   - sndfile: fix lost samples at end of file
 
diff --git a/src/archive/plugins/ZzipArchivePlugin.cxx b/src/archive/plugins/ZzipArchivePlugin.cxx
index c4ebbd582..75fa81c37 100644
--- a/src/archive/plugins/ZzipArchivePlugin.cxx
+++ b/src/archive/plugins/ZzipArchivePlugin.cxx
@@ -32,6 +32,8 @@
 
 #include <zzip/zzip.h>
 
+#include <inttypes.h> /* for PRIoffset (PRIu64) */
+
 struct ZzipDir {
 	ZZIP_DIR *const dir;
 
@@ -151,6 +153,11 @@ ZzipInputStream::Read(void *ptr, size_t read_size)
 	if (nbytes < 0)
 		throw std::runtime_error("zzip_file_read() has failed");
 
+	if (nbytes == 0 && !IsEOF())
+		throw FormatRuntimeError("Unexpected end of file %s"
+					 " at %" PRIoffset " of %" PRIoffset,
+					 GetURI(), GetOffset(), GetSize());
+
 	offset = zzip_tell(file);
 	return nbytes;
 }