From e31767785bc0922a953bbd1ef6428bf319ba2d2b Mon Sep 17 00:00:00 2001 From: Stuart Caie Date: Wed, 17 Oct 2018 11:33:35 +0100 Subject: [PATCH 2/3] CAB block input buffer is one byte too small for maximal Quantum block (cherry picked from commit 40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2) --- libmspack/mspack/cab.h | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libmspack/mspack/cab.h b/libmspack/mspack/cab.h index 59cf95e..25cebcb 100644 --- a/libmspack/mspack/cab.h +++ b/libmspack/mspack/cab.h @@ -1,5 +1,5 @@ /* This file is part of libmspack. - * (C) 2003-2004 Stuart Caie. + * (C) 2003-2018 Stuart Caie. * * libmspack is free software; you can redistribute it and/or modify it under * the terms of the GNU Lesser General Public License (LGPL) version 2.1 @@ -70,6 +70,14 @@ #define CAB_BLOCKMAX (32768) #define CAB_INPUTMAX (CAB_BLOCKMAX+6144) +/* input buffer needs to be CAB_INPUTMAX + 1 byte to allow for max-sized block + * plus 1 trailer byte added by cabd_sys_read_block() for Quantum alignment. + * + * When MSCABD_PARAM_SALVAGE is set, block size is not checked so can be + * up to 65535 bytes, so max input buffer size needed is 65535 + 1 + */ +#define CAB_INPUTBUF (65535 + 1) + /* There are no more than 65535 data blocks per folder, so a folder cannot * be more than 32768*65535 bytes in length. As files cannot span more than * one folder, this is also their max offset, length and offset+length limit. @@ -100,7 +108,7 @@ struct mscabd_decompress_state { struct mspack_file *infh; /* input file handle */ struct mspack_file *outfh; /* output file handle */ unsigned char *i_ptr, *i_end; /* input data consumed, end */ - unsigned char input[CAB_INPUTMAX]; /* one input block of data */ + unsigned char input[CAB_INPUTBUF]; /* one input block of data */ }; struct mscab_decompressor_p { -- 2.22.0