Fix invalid memcpy() call when reading corrupted ZIP files
Skip memcpy() call if its source and destination would overlap: this is not allowed and is correctly flagged as an error by address sanitizer and is unnecessary anyhow as we're certainly not going to find the magic value in fewer than 3 remaining bytes. Credit to OSS-Fuzz: this solves its issue 3794.
This commit is contained in:
parent
802eac475d
commit
8a4573223e
@ -1738,6 +1738,9 @@ bool wxZipInputStream::FindEndRecord()
|
||||
while (pos > minpos) {
|
||||
size_t len = wx_truncate_cast(size_t,
|
||||
pos - wxMax(pos - (BUFSIZE - 3), minpos));
|
||||
if ( len < 3 )
|
||||
break;
|
||||
|
||||
memcpy(buf.data() + len, buf, 3);
|
||||
pos -= len;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user