From 895137c7d79ac80f36f45141691664422c95a0d0 Mon Sep 17 00:00:00 2001 From: Jean-Louis Date: Thu, 24 Dec 2020 11:39:59 +0100 Subject: [PATCH] Fix unzip max buffer length error --- code/Common/ZipArchiveIOSystem.cpp | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/code/Common/ZipArchiveIOSystem.cpp b/code/Common/ZipArchiveIOSystem.cpp index b8272db89..407601220 100644 --- a/code/Common/ZipArchiveIOSystem.cpp +++ b/code/Common/ZipArchiveIOSystem.cpp @@ -217,10 +217,25 @@ ZipFile *ZipFileInfo::Extract(unzFile zip_handle) const { ZipFile *zip_file = new ZipFile(m_Size); - if (unzReadCurrentFile(zip_handle, zip_file->m_Buffer.get(), static_cast(m_Size)) != static_cast(m_Size)) { - // Failed, release the memory - delete zip_file; - zip_file = nullptr; + // Unzip has a limit of UINT16_MAX bytes buffer + std::unique_ptr unzipBuffer = std::unique_ptr(new uint8_t[UINT16_MAX]); + size_t readCount = 0; + while (readCount < zip_file->m_Size) { + size_t bufferSize = zip_file->m_Size - readCount; + if (bufferSize > UINT16_MAX) { + bufferSize = UINT16_MAX; + } + + int ret = unzReadCurrentFile(zip_handle, unzipBuffer.get(), static_cast(bufferSize)); + if (ret != static_cast(bufferSize)) { + // Failed, release the memory + delete zip_file; + zip_file = nullptr; + break; + } + + std::memcpy(zip_file->m_Buffer.get() + readCount, unzipBuffer.get(), ret); + readCount += ret; } ai_assert(unzCloseCurrentFile(zip_handle) == UNZ_OK);