From 2e9d137933b3b2bb0204fe7c985874b5ca743a70 Mon Sep 17 00:00:00 2001
From: Gavin Hayes
Date: Thu, 2 Mar 2023 15:23:13 -0500
Subject: [PATCH] GetZipCdir: prevent integer underflow. posix_spawn_test.c: stop attempting to load zipos from /usr/bin/ape.
---
 libc/str/getzipcdir.c | 13 +++++++------
 test/libc/stdio/posix_spawn_test.c | 2 +-
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/libc/str/getzipcdir.c b/libc/str/getzipcdir.c
index 968275045..7cf953f31 100644
--- a/libc/str/getzipcdir.c
+++ b/libc/str/getzipcdir.c
@@ -55,11 +55,12 @@ void *GetZipCdir(const uint8_t *p, size_t n) {
 continue;
 }
 }
- while (magic = READ32LE(p + i),
- magic != kZipCdir64LocatorMagic && magic != kZipCdirHdrMagic &&
- i + 0x10000 + 0x1000 >= n) --i;
- if (magic == kZipCdir64LocatorMagic &&
- i + kZipCdir64LocatorSize <= n &&
+ while (magic = READ32LE(p + i), magic != kZipCdir64LocatorMagic &&
+ magic != kZipCdirHdrMagic &&
+ i + 0x10000 + 0x1000 >= n && i > 0) {
+ --i;
+ }
+ if (magic == kZipCdir64LocatorMagic && i + kZipCdir64LocatorSize <= n &&
 IsZipCdir64(p, n, ZIP_LOCATE64_OFFSET(p + i))) {
 return p + ZIP_LOCATE64_OFFSET(p + i);
 } else if (magic == kZipCdirHdrMagic && IsZipCdir32(p, n, i)) {
@@ -73,6 +74,6 @@ void *GetZipCdir(const uint8_t *p, size_t n) {
 } while (j-- && i - j < 128);
 return p + i;
 }
- } while (i-- + 0x10000 + 0x1000 >= n);
+ } while (i > 0 && i-- + 0x10000 + 0x1000 >= n);
 return 0;
 }
diff --git a/test/libc/stdio/posix_spawn_test.c b/test/libc/stdio/posix_spawn_test.c
index 48fda6273..a67a8c44b 100644
--- a/test/libc/stdio/posix_spawn_test.c
+++ b/test/libc/stdio/posix_spawn_test.c
@@ -51,7 +51,7 @@ __attribute__((__constructor__)) static void init(void) {
 TEST(posix_spawn, test) {
 int rc, ws, pid;
 char *prog = GetProgramExecutableName();
- char *args[] = {program_invocation_name, NULL};
+ char *args[] = {prog, NULL};
 char *envs[] = {"THE_DOGE=42", NULL};
 EXPECT_EQ(0, posix_spawn(&pid, prog, NULL, NULL, args, envs));
 EXPECT_NE(-1, waitpid(pid, &ws, 0));
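Review bot: The inner loop still evaluates `READ32LE(p + i)` before any bound is tested, so the added `i > 0` term only stops `--i` from wrapping; it does not make the four-byte read itself safe. That read stays in bounds only if `i` enters the loop at or below `n - 4`, which is set up outside this hunk and presumably relies on callers passing `n >= 4`. I would state that precondition where `i` is initialised and put a comment above the loop such as `// i is size_t: stop at 0 so --i cannot wrap and push READ32LE outside the buffer`. Separately, the value returned by `ZIP_LOCATE64_OFFSET(p + i)` comes from the file being parsed, so its range check rests entirely on `IsZipCdir64`, whose body is not visible here.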
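Review bot: Nothing in this patch exercises the wraparound it fixes; the diffstat shows posix_spawn_test.c as the only test file touched, so a later edit to either loop condition could bring the bug back unnoticed. A regression test that hands GetZipCdir a buffer shorter than the `0x10000 + 0x1000` window, containing neither magic value, and expects a null return would pin the behaviour. The same window expression is also written out in the inner loop of the previous hunk, and the `i > 0` guard had to be added in both places; a single named constant would keep the two conditions in step. The function body begins outside this hunk.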
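Review bot: The reason argv[0] has to be `prog` is recorded only in the commit subject, so in the file this line reads as an arbitrary substitution. A comment such as `// argv[0] is the resolved executable path so the child does not try to load its zip store from /usr/bin/ape` would stop someone from switching it back to `program_invocation_name`. The test body continues past the end of the hunk.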