From e31767785bc0922a953bbd1ef6428bf319ba2d2b Mon Sep 17 00:00:00 2001

From: Stuart Caie <kyzer@cabextract.org.uk>

Date: Wed, 17 Oct 2018 11:33:35 +0100

Subject: [PATCH 2/3] CAB block input buffer is one byte too small for maximal

 Quantum block

(cherry picked from commit 40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2)

---

 libmspack/mspack/cab.h | 12 ++++++++++--

 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/libmspack/mspack/cab.h b/libmspack/mspack/cab.h

index 59cf95e..25cebcb 100644

--- a/libmspack/mspack/cab.h

+++ b/libmspack/mspack/cab.h

@@ -1,5 +1,5 @@

 /* This file is part of libmspack.

- * (C) 2003-2004 Stuart Caie.

+ * (C) 2003-2018 Stuart Caie.

  *

  * libmspack is free software; you can redistribute it and/or modify it under

  * the terms of the GNU Lesser General Public License (LGPL) version 2.1

@@ -70,6 +70,14 @@

 #define CAB_BLOCKMAX (32768)

 #define CAB_INPUTMAX (CAB_BLOCKMAX+6144)

+/* input buffer needs to be CAB_INPUTMAX + 1 byte to allow for max-sized block

+ * plus 1 trailer byte added by cabd_sys_read_block() for Quantum alignment.

+ *

+ * When MSCABD_PARAM_SALVAGE is set, block size is not checked so can be

+ * up to 65535 bytes, so max input buffer size needed is 65535 + 1

+ */

+#define CAB_INPUTBUF (65535 + 1)

+

 /* There are no more than 65535 data blocks per folder, so a folder cannot

  * be more than 32768*65535 bytes in length. As files cannot span more than

  * one folder, this is also their max offset, length and offset+length limit.

@@ -100,7 +108,7 @@ struct mscabd_decompress_state {

   struct mspack_file *infh;          /* input file handle                    */

   struct mspack_file *outfh;         /* output file handle                   */

   unsigned char *i_ptr, *i_end;      /* input data consumed, end             */

-  unsigned char input[CAB_INPUTMAX]; /* one input block of data              */

+  unsigned char input[CAB_INPUTBUF]; /* one input block of data              */

 };

 struct mscab_decompressor_p {

-- 

2.22.0