search

madler / zlib

A massively spiffy yet delicately unobtrusive compression library.
http://zlib.net/
Other
5.55k stars 2.42k forks source link

miniunz: Ensure filenames read from a ZIP file are always null terminated #911

Closed zmodem closed 7 months ago

zmodem commented 7 months ago

unzGetCurrentFileInfo64 does not null terminate the szFileName if it's longer or equal to fileNameBufferSize.

To ensure the strings are null terminated in the calling code, increase the buffer size by one and initialize with zeros.

Fixes #869

Neustradamus commented 7 months ago

@madler, @gvollant: Can you look this PR?

Linked to:

madler commented 7 months ago

I fixed it by making the buffers 65537 bytes. The zip file format limits file names to 65536 bytes.

zmodem commented 7 months ago

I fixed it by making the buffers 65537 bytes.

Clever :-)