From ff6def51db86ea2a516739f2dd67f24fa024af4e Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Fri, 23 Feb 2018 12:53:34 +0000
Subject: forcepoint #5 check for short read
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

a zip file within a structured storage stream. underlying storage stream
claims larger size that it can satisfy on read

Change-Id: I8516b12df33ad78b2525192826f5e3aef2622eb8
Reviewed-on: https://gerrit.libreoffice.org/50238
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
---
 package/source/zipapi/ZipFile.cxx | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'package')

diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index 6e9351c69f1a..1ef81bf582a5 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -838,11 +838,14 @@ sal_Int32 ZipFile::findEND()
         nEnd = nPos >= 0 ? nPos : 0 ;
 
         aGrabber.seek( nEnd );
-        aGrabber.readBytes ( aBuffer, nLength - nEnd );
+
+        auto nSize = nLength - nEnd;
+        if (nSize != aGrabber.readBytes(aBuffer, nSize))
+            throw ZipException("Zip END signature not found!" );
 
         const sal_Int8 *pBuffer = aBuffer.getConstArray();
 
-        nPos = nLength - nEnd - ENDHDR;
+        nPos = nSize - ENDHDR;
         while ( nPos >= 0 )
         {
             if (pBuffer[nPos] == 'P' && pBuffer[nPos+1] == 'K' && pBuffer[nPos+2] == 5 && pBuffer[nPos+3] == 6 )
-- 
cgit v1.2.3