For golang/go#49791
Fixes golang/go#52283
Change-Id: If0ddb73d06b371cb09f574e29ed2e872076a3e1a
Reviewed-on: https://go-review.googlesource.com/c/mod/+/399774
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Consider this logic from tip.
go/src/archive/zip/reader.go
Lines 229 to 234 in f7e34e7
The reader only checks the file size after all of the compressed file has been read; however, it's possible that a malformed zip file has already overflowed during the decompression process.
PoC (you can set up a malformed zip file for sure):
We need an easy fail-fast while reading the zip file.
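One caller-side way to get the fail-fast behaviour asked for above, as an added example that is not part of the original issue or of `archive/zip` itself. The names `extractBounded`, `errTooLarge` and `sampleZip` and the `budget` parameter (assumed non-negative) are hypothetical, and the sample archive is constructed and well-formed.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
)

// errTooLarge is a name chosen for this example, not an archive/zip error.
var errTooLarge = errors.New("zip entry larger than allowed")

// extractBounded copies one entry to dst but gives up as soon as the output
// passes min(declared size, budget), rather than comparing sizes at EOF.
func extractBounded(dst io.Writer, f *zip.File, budget int64) (int64, error) {
	limit := budget
	if d := f.UncompressedSize64; d < uint64(limit) {
		limit = int64(d) // never accept more than the header claims
	}
	rc, err := f.Open()
	if err != nil {
		return 0, err
	}
	defer rc.Close()
	// Read at most limit+1 bytes: the extra byte is what proves overflow.
	n, err := io.Copy(dst, io.LimitReader(rc, limit+1))
	if err != nil {
		return n, err
	}
	if n > limit {
		return n, errTooLarge
	}
	return n, nil
}

// sampleZip builds a constructed, well-formed archive holding size zero bytes.
func sampleZip(size int) *zip.Reader {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create("zeros.bin") // errors ignored: in-memory sample only
	w.Write(make([]byte, size))
	zw.Close()
	zr, _ := zip.NewReader(bytes.NewReader(buf.Bytes()), int64(buf.Len()))
	return zr
}

func main() {
	f := sampleZip(1 << 20).File[0]
	n, err := extractBounded(io.Discard, f, 4096)
	fmt.Println(n, err) // stops after 4097 bytes, long before the full 1 MiB
}
```

On overflow, `dst` has received one byte more than the limit, so write to a temporary destination and discard it when `errTooLarge` is returned.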