Check extra field data size before subtracting from remaining count

because it is an unsigned value.
kimci86 · Mar 16, 2024 · 24d7319 · 24d7319
1 parent 83fc5de
commit 24d7319
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/Zip.cpp b/src/Zip.cpp
@@ -155,11 +155,14 @@ auto Zip::Iterator::operator++() -> Zip::Iterator&
 
     m_entry->checkByte = (flags >> 3) & 1 ? static_cast<std::uint8_t>(lastModTime >> 8) : msb(m_entry->crc32);
 
-    for (auto remaining = extraFieldLength; remaining > 0;)
+    for (auto remaining = extraFieldLength; remaining;)
     {
         // read extra field header
         const auto id   = read<std::uint16_t>(*m_is);
         auto       size = read<std::uint16_t>(*m_is);
+
+        if (remaining < 4 + size)
+            throw Error{"could not read central directory header"};
         remaining -= 4 + size;
 
         switch (id)