avoid signed left-shift overflow in mztools READ_32 #1250

Open

rootvector2 wants to merge 1 commit into madler:develop from rootvector2:mztools-read32-unsigned

Conversation

@rootvector2


READ_32 in mztools.c computes READ_16((adr)+2) << 16, where READ_16 has type int. When that 16-bit word is >= 0x8000 the shift pushes a set bit into the sign position, which is undefined behavior; unzRepair runs it on crc/size fields read straight from the input file, so almost any real archive trips it. UBSan reports "left shift of 32768 by 16 places cannot be represented in type 'int'". Cast the halves to unsigned before combining.
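To make the problem and the fix concrete, here is an added example (not the project's code and not part of the pull request) reconstructing the little-endian reader macros in the shape the description implies: READ_8 yields an unsigned char, which integer promotion turns into int, so in the original READ_32 the upper halfword was shifted left by 16 as an int. The fixed READ_16/READ_32 below widen each byte to uint32_t before any shift, so combining the halves is unsigned arithmetic. The names read_field32, upper_half_has_sign_bit and the sample fields SAMPLE_HOT/SAMPLE_COLD are assumptions made here for illustration; the byte values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed shape of the mztools byte reader (reconstruction, not the project's
 * own code): an unsigned char, promoted to int wherever it is used in an
 * expression. That promotion is why the original READ_32's "<< 16" happened
 * in int and became undefined once the upper halfword was >= 0x8000. */
#define READ_8(adr)  ((unsigned char)*(adr))

/* Fixed readers: cast each byte to uint32_t before shifting, so READ_16 has an
 * unsigned type and the "<< 16" in READ_32 can never touch a sign bit. */
#define READ_16(adr) ((uint32_t)READ_8(adr) | ((uint32_t)READ_8((adr) + 1) << 8))
#define READ_32(adr) (READ_16(adr) | (READ_16((adr) + 2) << 16))

/* Constructed sample fields, little-endian as in a zip local header.
 * SAMPLE_HOT decodes to 0x92345678: upper halfword 0x9234 has bit 15 set,
 * which is exactly the input that tripped UBSan in the signed version.
 * SAMPLE_COLD decodes to 0x12345678 and was fine either way. */
const unsigned char SAMPLE_HOT[4]  = {0x78, 0x56, 0x34, 0x92};
const unsigned char SAMPLE_COLD[4] = {0x78, 0x56, 0x34, 0x12};

/* Reads a 4-byte crc/size field the way a repair pass would, using the
 * hardened READ_32. */
uint32_t read_field32(const unsigned char *p)
{
    return READ_32(p);
}

/* Returns 1 when the upper halfword has its top bit set, i.e. when the
 * signed form of READ_32 would have overflowed on this field. Handy as a
 * regression probe over real archive headers. */
int upper_half_has_sign_bit(const unsigned char *p)
{
    return READ_16(p + 2) >= 0x8000u;
}

int main(void)
{
    printf("hot  = 0x%08x  upper-half sign bit: %d\n",
           (unsigned)read_field32(SAMPLE_HOT), upper_half_has_sign_bit(SAMPLE_HOT));
    printf("cold = 0x%08x  upper-half sign bit: %d\n",
           (unsigned)read_field32(SAMPLE_COLD), upper_half_has_sign_bit(SAMPLE_COLD));
    return 0;
}
```

Building this with -fsanitize=undefined is silent, because no signed shift remains; the probe function shows how often real input hits the bad case, since any crc or size field at or above 0x80000000 does.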
