From 1f6a7d64622046f6b56c302c0f9ff34ae8c326c6 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 4 Sep 2020 14:11:33 +0200 Subject: [PATCH] archive/zzip: fix crash on corrupt ZIP file Sometimes, zzip_file_read() returns 0 even though the end of the file was not reached. This causes assertion failures in DecoderBridge::Read(). Closes https://github.com/MusicPlayerDaemon/MPD/issues/935 --- NEWS | 2 ++ src/archive/plugins/ZzipArchivePlugin.cxx | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/NEWS b/NEWS index 6ec3b242d..96a3c40bf 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,8 @@ ver 0.21.26 (not yet released) * output - osx: fix crash bug - sles: support floating point samples +* archive + - zzip: fix crash on corrupt ZIP file * decoder - sndfile: fix lost samples at end of file diff --git a/src/archive/plugins/ZzipArchivePlugin.cxx b/src/archive/plugins/ZzipArchivePlugin.cxx index c4ebbd582..75fa81c37 100644 --- a/src/archive/plugins/ZzipArchivePlugin.cxx +++ b/src/archive/plugins/ZzipArchivePlugin.cxx @@ -32,6 +32,8 @@ #include +#include /* for PRIoffset (PRIu64) */ + struct ZzipDir { ZZIP_DIR *const dir; @@ -151,6 +153,11 @@ ZzipInputStream::Read(void *ptr, size_t read_size) if (nbytes < 0) throw std::runtime_error("zzip_file_read() has failed"); + if (nbytes == 0 && !IsEOF()) + throw FormatRuntimeError("Unexpected end of file %s" + " at %" PRIoffset " of %" PRIoffset, + GetURI(), GetOffset(), GetSize()); + offset = zzip_tell(file); return nbytes; }