records should definitely be >= since there is an additional end record. I think the size needs to account for directoryEndLen extra bytes. I don't see why offset needs to be >= however. So I propose this set of rules:
if records > uint16max-1 || size > uint32max-directoryEndLen || offset > uint32max
In the zip format encoding, the ^0 value means "there is a bigger value encoded next". If you encode offset 0xFFFFFFFF meaning 0xFFFFFFFF, a decoder will see it as "there's a 64-bit value coming next". If the encoding does not include that 64-bit value, the decoder will get confused. See CL 18317 for an example of this with the file data size field.
archive/zip/writer.go says:
but each of these > should probably be >=.
See the similar bug fixed in https://go-review.googlesource.com/#/c/18317/ for writing data files of size uint32max.
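The sentinel ambiguity discussed in this thread, shown as an added Go example that is not part of the issue or of archive/zip. The `field` type, `encode`, `decode` and both predicates are hypothetical simplifications of a single 32-bit offset field, not the real on-disk layout.

```go
package main

import (
	"errors"
	"fmt"
)

// Largest 32-bit value; in a zip header it doubles as the
// "real value is in the zip64 record" sentinel.
const uint32max = 1<<32 - 1

// field models one 32-bit header field plus the optional 64-bit
// value a zip64 record would carry (simplified, hypothetical).
type field struct {
	v32      uint32
	v64      uint64
	hasZip64 bool
}

// encode stores offset, using needsZip64 to decide whether to
// emit the sentinel together with a 64-bit value.
func encode(offset uint64, needsZip64 func(uint64) bool) field {
	if needsZip64(offset) {
		return field{v32: uint32max, v64: offset, hasZip64: true}
	}
	return field{v32: uint32(offset)}
}

func strictGreater(v uint64) bool  { return v > uint32max }  // the '>' form the issue reports
func greaterOrEqual(v uint64) bool { return v >= uint32max } // the '>=' form the issue proposes

var errMissingZip64 = errors.New("field is 0xFFFFFFFF but no zip64 value follows")

// decode reads the field the way a zip64-aware reader would.
func decode(f field) (uint64, error) {
	if f.v32 != uint32max {
		return uint64(f.v32), nil
	}
	if !f.hasZip64 {
		return 0, errMissingZip64
	}
	return f.v64, nil
}

func main() {
	for _, off := range []uint64{uint32max - 1, uint32max, uint32max + 1} {
		_, e1 := decode(encode(off, strictGreater))
		_, e2 := decode(encode(off, greaterOrEqual))
		fmt.Printf("offset %#x: '>' err=%v, '>=' err=%v\n", off, e1, e2)
	}
}
```

Only the boundary value 0xFFFFFFFF behaves differently between the two predicates: with `>` it is written as a plain 32-bit value that the reader takes for the sentinel.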