|
 |
91c29c |
diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c
|
|
|
91c29c |
index a675d1b..9847f1c 100644
|
|
|
91c29c |
--- a/libgcab/cabinet.c
|
|
|
91c29c |
+++ b/libgcab/cabinet.c
|
|
|
91c29c |
@@ -460,18 +460,38 @@ cdata_read (cdata_t *cd, u1 res_data, gint comptype,
|
|
|
91c29c |
gboolean success = FALSE;
|
|
|
91c29c |
int ret, zret = Z_OK;
|
|
|
91c29c |
gint compression = comptype & GCAB_COMPRESSION_MASK;
|
|
|
91c29c |
- guint8 *buf = compression == GCAB_COMPRESSION_NONE ? cd->out : cd->in;
|
|
|
91c29c |
+ gsize buf_sz;
|
|
|
91c29c |
+ guint8 *buf = NULL;
|
|
|
91c29c |
CHECKSUM datacsum;
|
|
|
91c29c |
|
|
|
91c29c |
- if (compression > GCAB_COMPRESSION_MSZIP &&
|
|
|
91c29c |
- compression != GCAB_COMPRESSION_LZX) {
|
|
|
91c29c |
+ /* decompress directly into ->out for no decompression */
|
|
|
91c29c |
+ switch (compression) {
|
|
|
91c29c |
+ case GCAB_COMPRESSION_NONE:
|
|
|
91c29c |
+ buf = cd->out;
|
|
|
91c29c |
+ buf_sz = sizeof(cd->out);
|
|
|
91c29c |
+ break;
|
|
|
91c29c |
+ case GCAB_COMPRESSION_MSZIP:
|
|
|
91c29c |
+ case GCAB_COMPRESSION_LZX:
|
|
|
91c29c |
+ buf = cd->in;
|
|
|
91c29c |
+ buf_sz = sizeof(cd->in);
|
|
|
91c29c |
+ break;
|
|
|
91c29c |
+ default:
|
|
|
91c29c |
g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED,
|
|
|
91c29c |
_("unsupported compression method %d"), compression);
|
|
|
91c29c |
- return FALSE;
|
|
|
91c29c |
+ break;
|
|
|
91c29c |
}
|
|
|
91c29c |
+ if (buf == NULL)
|
|
|
91c29c |
+ return FALSE;
|
|
|
91c29c |
|
|
|
91c29c |
R4 (cd->checksum);
|
|
|
91c29c |
R2 (cd->ncbytes);
|
|
|
91c29c |
+ if (cd->ncbytes > buf_sz) {
|
|
|
91c29c |
+ g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED,
|
|
|
91c29c |
+ "tried to decompress %" G_GUINT16_FORMAT " bytes "
|
|
|
91c29c |
+ "into buffer of size %" G_GSIZE_FORMAT,
|
|
|
91c29c |
+ cd->ncbytes, buf_sz);
|
|
|
91c29c |
+ return FALSE;
|
|
|
91c29c |
+ }
|
|
|
91c29c |
R2 (cd->nubytes);
|
|
|
91c29c |
cd->reserved = g_malloc (res_data);
|
|
|
91c29c |
RN (cd->reserved, res_data);
|