From: Mark Adler
Date: Sat, 1 Jan 2022 20:09:30 +0000 (-0800)
Subject: Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
X-Git-Tag: v1.2.12~8
X-Git-Url: https://git.lizzy.rs/?a=commitdiff_plain;h=58ca4e57ce7d76734d8b5afa03d205f694419b17;p=zlib.git

Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)

The issue is that unztell64() does not return the correct value if the position in the current file (in the ZIP archive) is beyond 4 GB. The cause is that unzReadCurrentFile() does not account for pfile_in_zip_read_info->stream.total_out at line 1854 of unzip.c wrapping around (it is a 32-bit variable). So, on line 1860 uTotalOutAfter can be *less* than uTotalOutBefore, propagating the wraparound to uOutThis, which in turn is added to pfile_in_zip_read_info->total_out_64. That has the effect of subtracting 4 GB.
---
diff --git a/contrib/minizip/unzip.c b/contrib/minizip/unzip.c index bcfb941..b16a75e 100644 --- a/contrib/minizip/unzip.c +++ b/contrib/minizip/unzip.c @@ -1857,6 +1857,9 @@ extern int ZEXPORT unzReadCurrentFile (unzFile file, voidp buf, unsigned len) err = Z_DATA_ERROR; uTotalOutAfter = pfile_in_zip_read_info->stream.total_out; + /* Detect overflow, because z_stream.total_out is uLong (32 bits) */ + if (uTotalOutAftertotal_out_64 = pfile_in_zip_read_info->total_out_64 + uOutThis;
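
Review bot: the added comment in the unzReadCurrentFile hunk states that z_stream.total_out "is uLong (32 bits)" unconditionally, but uLong is unsigned long, which is 32 bits only on some targets (32-bit builds, 64-bit Windows) and 64 bits on LP64 systems. I would reword it to something like "uLong may be 32 bits" so the reader knows the branch is a no-op where total_out cannot wrap. The remainder of the `if (uTotalOutAfter` line is not visible in this rendering, so two things are worth confirming against the real file: that the comparison is against uTotalOutBefore as the commit message describes, and that the 4 GB correction is computed in a 64-bit type rather than in a uLong expression, where it would itself wrap to zero before being added to total_out_64. Since `len` is `unsigned`, one call can wrap total_out at most once on the usual 32-bit `unsigned`, so a single compare is sufficient; a short note to that effect next to the check would help whoever next touches this function.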