utils/unzip/patches/007-integer-underflow-csiz_decrypted.patch

   1 --- a/extract.c
   2 +++ b/extract.c
   3 @@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G
   4          if (G.lrec.compression_method == STORED) {
   5              zusz_t csiz_decrypted = G.lrec.csize;
   6
   7 -            if (G.pInfo->encrypted)
   8 +            if (G.pInfo->encrypted) {
   9 +                if (csiz_decrypted <= 12) {
  10 +                    /* handle the error now to prevent unsigned overflow */
  11 +                    Info(slide, 0x401, ((char *)slide,
  12 +                      LoadFarStringSmall(ErrUnzipNoFile),
  13 +                      LoadFarString(InvalidComprData),
  14 +                      LoadFarStringSmall2(Inflate)));
  15 +                    return PK_ERR;
  16 +                }
  17                  csiz_decrypted -= 12;
  18 +            }
  19              if (G.lrec.ucsize != csiz_decrypted) {
  20                  Info(slide, 0x401, ((char *)slide,
  21                    LoadFarStringSmall2(WrnStorUCSizCSizDiff),