berkutta · June 18, 2020 07:31
diff --git a/0001-Fix-false-overlapped-components-detection-on-32-bit-.patch b/0001-Fix-false-overlapped-components-detection-on-32-bit-.patch
 From 13f0260beae851f7d5dd96e9ef757d8d6d7daac1 Mon Sep 17 00:00:00 2001
 From: Mark Adler <[email protected]>
 Date: Sun, 9 Feb 2020 07:20:13 -0800
 Subject: [PATCH] Fix false overlapped components detection on 32-bit systems.

 32-bit systems with ZIP64_SUPPORT enabled could have different
 size types for zoff_t and zusz_t. That resulted in bad parameter
 passing to the bound tracking functions, itself due to the lack of
 use of C function prototypes in unzip. This commit assures that
 parameters are cast properly for those calls.

 This problem occurred only for ill-chosen make options, which give
 a 32-bit zoff_t. A proper build will result in a zoff_t of 64 bits,
 even on 32-bit systems.
 ---
 extract.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

 diff --git a/extract.c b/extract.c
 index 1b73cb0..d9866f9 100644
 --- a/extract.c
 +++ b/extract.c
 @@ -329,7 +329,7 @@ static ZCONST char Far OverlappedComponents[] =
 
 
 /* A growable list of spans. */
 -typedef zoff_t bound_t;
 +typedef zusz_t bound_t;
 typedef struct {
     bound_t beg;        /* start of the span */
     bound_t end;        /* one past the end of the span */
 @@ -518,7 +518,8 @@ int extract_or_test_files(__G)    /* return PK-type error code */
         return PK_MEM;
     }
     if ((G.extra_bytes != 0 &&
 -         cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
 +         cover_add((cover_t *)G.cover,
 +                   (bound_t)0, (bound_t)G.extra_bytes) != 0) ||
         (G.ecrec.have_ecr64 &&
          cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
                    G.ecrec.ec64_end) != 0) ||
 @@ -1216,7 +1217,7 @@ static int extract_or_test_entrylist(__G__ numchunk,
 
         /* seek_zipf(__G__ pInfo->offset);  */
         request = G.pInfo->offset + G.extra_bytes;
 -        if (cover_within((cover_t *)G.cover, request)) {
 +        if (cover_within((cover_t *)G.cover, (bound_t)request)) {
             Info(slide, 0x401, ((char *)slide,
               LoadFarString(OverlappedComponents)));
             return PK_BOMB;
 -- 
 2.27.0
	From 13f0260beae851f7d5dd96e9ef757d8d6d7daac1 Mon Sep 17 00:00:00 2001
	From: Mark Adler <[email protected]>
	Date: Sun, 9 Feb 2020 07:20:13 -0800
	Subject: [PATCH] Fix false overlapped components detection on 32-bit systems.

	32-bit systems with ZIP64_SUPPORT enabled could have different
	size types for zoff_t and zusz_t. That resulted in bad parameter
	passing to the bound tracking functions, itself due to the lack of
	use of C function prototypes in unzip. This commit assures that
	parameters are cast properly for those calls.

	This problem occurred only for ill-chosen make options, which give
	a 32-bit zoff_t. A proper build will result in a zoff_t of 64 bits,
	even on 32-bit systems.
	---
	extract.c \| 7 ++++---
	1 file changed, 4 insertions(+), 3 deletions(-)

	diff --git a/extract.c b/extract.c
	index 1b73cb0..d9866f9 100644
	--- a/extract.c
	+++ b/extract.c
	@@ -329,7 +329,7 @@ static ZCONST char Far OverlappedComponents[] =


	/* A growable list of spans. */
	-typedef zoff_t bound_t;
	+typedef zusz_t bound_t;
	typedef struct {
	bound_t beg; /* start of the span */
	bound_t end; /* one past the end of the span */
	@@ -518,7 +518,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
	return PK_MEM;
	}
	if ((G.extra_bytes != 0 &&
	- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) \|\|
	+ cover_add((cover_t *)G.cover,
	+ (bound_t)0, (bound_t)G.extra_bytes) != 0) \|\|
	(G.ecrec.have_ecr64 &&
	cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
	G.ecrec.ec64_end) != 0) \|\|
	@@ -1216,7 +1217,7 @@ static int extract_or_test_entrylist(__G__ numchunk,

	/* seek_zipf(__G__ pInfo->offset); */
	request = G.pInfo->offset + G.extra_bytes;
	- if (cover_within((cover_t *)G.cover, request)) {
	+ if (cover_within((cover_t *)G.cover, (bound_t)request)) {
	Info(slide, 0x401, ((char *)slide,
	LoadFarString(OverlappedComponents)));
	return PK_BOMB;
	--
	2.27.0