| -rw-r--r-- | common/unzip.cpp | 35 | ||||
| -rw-r--r-- | gui/ThemeEngine.cpp | 6 | 
2 files changed, 31 insertions, 10 deletions
diff --git a/common/unzip.cpp b/common/unzip.cpp
index cd5d37f4bd..7b78da0faf 100644
--- a/common/unzip.cpp
+++ b/common/unzip.cpp
@@ -1470,11 +1470,13 @@ int ZipArchive::listMembers(Common::ArchiveMemberList &list) {
 	while (err == UNZ_OK) {
 		char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1];
-		unzGetCurrentFileInfo(_zipFile, NULL,
-								szCurrentFileName, sizeof(szCurrentFileName)-1,
-								NULL, 0, NULL, 0);
-		list.push_back(ArchiveMemberList::value_type(new GenericArchiveMember(szCurrentFileName, this)));
-		matches++;
+		if (unzGetCurrentFileInfo(_zipFile, NULL,
+		                          szCurrentFileName, sizeof(szCurrentFileName)-1,
+		                          NULL, 0, NULL, 0) == UNZ_OK) {
+			list.push_back(ArchiveMemberList::value_type(new GenericArchiveMember(szCurrentFileName, this)));
+			matches++;
+		}
+
 		err = unzGoToNextFile(_zipFile);
 	}
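Review bot: `szCurrentFileName` is handed to the `GenericArchiveMember` constructor with no explicit terminator, even though the array is declared uninitialized and only `sizeof(szCurrentFileName)-1` bytes are offered to `unzGetCurrentFileInfo`. Stock minizip terminates the name only when it is shorter than the buffer size it was given; whether this copy does the same is not visible in the hunk, but if it does, an archive entry with an over-long stored name leaves the final byte undefined and the string constructor reads past the array. Inside the new `== UNZ_OK` branch, before the `push_back`, I would add `szCurrentFileName[sizeof(szCurrentFileName)-1] = '\0';`. The body of `listMembers` starts and ends outside the hunk.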
@@ -1493,18 +1495,31 @@ Common::SeekableReadStream *ZipArchive::createReadStreamForMember(const Common::
 		return 0;
 	unz_file_info fileInfo;
-	unzOpenCurrentFile(_zipFile);
-	unzGetCurrentFileInfo(_zipFile, &fileInfo, NULL, 0, NULL, 0, NULL, 0);
+	if (unzOpenCurrentFile(_zipFile) != UNZ_OK)
+		return 0;
+
+	if (unzGetCurrentFileInfo(_zipFile, &fileInfo, NULL, 0, NULL, 0, NULL, 0) != UNZ_OK)
+		return 0;
+
 	byte *buffer = (byte *)malloc(fileInfo.uncompressed_size);
 	assert(buffer);
-	unzReadCurrentFile(_zipFile, buffer, fileInfo.uncompressed_size);
-	unzCloseCurrentFile(_zipFile);
+
+	if (unzReadCurrentFile(_zipFile, buffer, fileInfo.uncompressed_size) != (int)fileInfo.uncompressed_size) {
+		free(buffer);
+		return 0;
+	}
+
+	if (unzCloseCurrentFile(_zipFile) != UNZ_OK) {
+		free(buffer);
+		return 0;
+	}
+
 	return new Common::MemoryReadStream(buffer, fileInfo.uncompressed_size, DisposeAfterUse::YES);
 	// FIXME: instead of reading all into a memory stream, we could
 	// instead create a new ZipStream class. But then we have to be
 	// careful to handle the case where the client code opens multiple
-	// files in the archive and tries to use them indepenendtly.
+	// files in the archive and tries to use them independently.
 }
 Archive *makeZipArchive(const String &name) {
diff --git a/gui/ThemeEngine.cpp b/gui/ThemeEngine.cpp
index 82104eb7ae..2f9c7ae279 100644
--- a/gui/ThemeEngine.cpp
+++ b/gui/ThemeEngine.cpp
@@ -1502,6 +1502,12 @@ Common::String ThemeEngine::genLocalizedFontFilename(const Common::String &filen
  *********************************************************/
 bool ThemeEngine::themeConfigParseHeader(Common::String header, Common::String &themeName) {
+	// Check that header is not corrupted
+	if (header[0] < 0 || header[0] > 127) {
+		warning("Corrupted theme header found");
+		return false;
+	}
+
 	header.trim();
 	if (header.empty())  |
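Review bot: Two of the new error returns in `createReadStreamForMember` leave the member open: the `unzGetCurrentFileInfo` failure and the short-read branch both return after `unzOpenCurrentFile` succeeded without calling `unzCloseCurrentFile`. The allocation is also sized by `fileInfo.uncompressed_size`, a value read from the archive, and is guarded only by `assert(buffer)`. A corrupt or hostile header can therefore abort the process, or lead to a null write if asserts are compiled out. I would close on every failure path and turn the assert into a checked failure, as sketched below. Two caveats: `malloc(0)` may legitimately return NULL for an empty member on some platforms, and the `(int)` cast in the read comparison misbehaves for declared sizes above `INT_MAX`, so an explicit upper bound on the size is worth considering. The start of the function is outside the hunk.

```cpp
	if (unzGetCurrentFileInfo(_zipFile, &fileInfo, NULL, 0, NULL, 0, NULL, 0) != UNZ_OK) {
		unzCloseCurrentFile(_zipFile);
		return 0;
	}

	byte *buffer = (byte *)malloc(fileInfo.uncompressed_size);
	if (!buffer) {
		unzCloseCurrentFile(_zipFile);
		return 0;
	}

	if (unzReadCurrentFile(_zipFile, buffer, fileInfo.uncompressed_size) != (int)fileInfo.uncompressed_size) {
		unzCloseCurrentFile(_zipFile);
		free(buffer);
		return 0;
	}
	// … unchanged: unzCloseCurrentFile check and MemoryReadStream return …
```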
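Review bot: The new corruption check in `themeConfigParseHeader` indexes `header[0]` before the existing `header.empty()` test, so an empty header reaches the subscript first. How `Common::String::operator[]` treats an out-of-range index is not visible here, but it is likely an assertion or an out-of-bounds read. Guarding the index keeps the check safe: `if (!header.empty() && (header[0] < 0 || header[0] > 127)) {`. Only the first byte is inspected, so the comment could say `// Reject headers whose first byte is not 7-bit ASCII` rather than implying the whole header is validated. The function body continues past the end of the hunk.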
