pacowong / miniz

Automatically exported from code.google.com/p/miniz

mz_reader_extract_to_mem_noalloc() fails with non-NULL user buffer #8

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a ZIP with an entry with a larger compressed size than uncompressed 
size. (Not sure if this is a necessary condition.)
2. Call mz_reader_extract_to_mem_noalloc with a non-NULL user buffer.

What is the expected output? What do you see instead?
I expect the extracted output, but the procedure fails instead.

What version of the product are you using? On what operating system?
1.14 on Visual Studio 2010 (32-bit). Also replicated with GCC on Cygwin.

Please provide any additional information below.

The problem seems to be on line 3539:

  else if (pUser_read_buf)
  {
    // Use a user provided read buffer.
    if (!user_read_buf_size)
      return MZ_FALSE;
    pRead_buf = (mz_uint8 *)pUser_read_buf;
    read_buf_size = user_read_buf_size;
    read_buf_avail = 0;
    comp_remaining = file_stat.m_uncomp_size;
  }

Judging from the surrounding code, comp_remaining = file_stat.m_comp_size, not 
m_uncomp_size. This would explain why cases with a NULL pUser_read_buf work 
fine.

Original issue reported on code.google.com by kym...@gmail.com on 23 Aug 2012 at 7:25
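
Added example, not miniz code and not part of the original report: a constructed model of a chunked read loop whose byte budget plays the role of comp_remaining, showing what the reader pulls from the archive when that budget is the uncompressed size instead of the compressed size. The names feed_entry and feed_result, the flat-array archive and all sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not miniz code: the archive is a flat byte array and the
   entry's compressed data occupies [ofs, ofs + comp_size) inside it. */
typedef struct {
    size_t requested;   /* bytes the loop read from the archive */
    size_t in_entry;    /* of those, bytes belonging to the entry */
    size_t past_entry;  /* of those, bytes beyond the entry's compressed data */
    int read_failed;    /* a refill ran off the end of the archive */
} feed_result;

/* Refill a fixed-size user buffer until `budget` bytes are consumed; `budget`
   plays the role of a comp_remaining-style counter (hypothetical helper). */
static feed_result feed_entry(const unsigned char *archive, size_t archive_size,
                              size_t ofs, size_t comp_size, size_t budget,
                              unsigned char *user_buf, size_t user_buf_size)
{
    feed_result r = {0, 0, 0, 0};
    size_t end = ofs + comp_size;
    if (!user_buf || !user_buf_size) { r.read_failed = 1; return r; }
    while (budget) {
        size_t n = budget < user_buf_size ? budget : user_buf_size;
        if (ofs > archive_size || n > archive_size - ofs) { r.read_failed = 1; break; }
        memcpy(user_buf, archive + ofs, n);          /* one buffer refill */
        size_t inside = ofs >= end ? 0 : (end - ofs < n ? end - ofs : n);
        r.requested += n;
        r.in_entry += inside;
        r.past_entry += n - inside;
        ofs += n;
        budget -= n;
    }
    return r;
}

int main(void)
{
    static unsigned char archive[256];  /* constructed sample archive */
    unsigned char buf[32];
    /* Entry at offset 16 with comp_size 120 and uncomp_size 100. */
    feed_result bad = feed_entry(archive, sizeof archive, 16, 120, 100, buf, sizeof buf);
    feed_result good = feed_entry(archive, sizeof archive, 16, 120, 120, buf, sizeof buf);
    printf("budget=uncomp: %zu of 120 compressed bytes delivered\n", bad.in_entry);
    printf("budget=comp:   %zu of 120 compressed bytes delivered\n", good.in_entry);
    return 0;
}
```

In this model a budget smaller than the compressed size leaves the tail of the compressed stream unread, while a larger one reads bytes that belong to whatever follows the entry, or fails the refill when the entry sits at the end of the archive.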

GoogleCodeExporter commented 9 years ago
Oh shit, that looks bad. I'm going to fix this in v1.15 r2 right now. Thanks a 
lot for the report!

Original comment by richge...@gmail.com on 13 Oct 2013 at 5:37

GoogleCodeExporter commented 9 years ago
This fix is in v1.15, and I've given you credits. Can't believe I missed this 
one. Thank you very much for the report!

Original comment by richge...@gmail.com on 13 Oct 2013 at 6:05