Fix out of bound access in libziparchive am: 1ee4892e66 Change-Id: I26b48df5a9d39933b90ac063172b4b4ae8428bfd

commit: c24dd976544cfd0eed88797d4b0195b9b5614b26 [log] [tgz]
author: Tianjie Xu <xunchang@google.com> Fri Oct 07 00:04:29 2016 +0000
committer: android-build-merger <android-build-merger@google.com> Fri Oct 07 00:04:29 2016 +0000
tree: d977fbd43808b8e55f2958f98ce7da8610d4e3ea
parent: b5f75c458270fc49ea4c61ed7126155531c5ca63 [diff]
parent: 1ee4892e66ba314131b7ecf17e98bb1762c4b84c [diff]
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc
index 87dac0e..54d866c 100644
--- a/libziparchive/zip_archive.cc
+++ b/libziparchive/zip_archive.cc

@@ -501,9 +501,14 @@
    * Grab the CD offset and size, and the number of entries in the
    * archive and verify that they look reasonable.
    */
-  if (eocd->cd_start_offset + eocd->cd_size > eocd_offset) {
+  if (static_cast<off64_t>(eocd->cd_start_offset) + eocd->cd_size > eocd_offset) {
     ALOGW("Zip: bad offsets (dir %" PRIu32 ", size %" PRIu32 ", eocd %" PRId64 ")",
         eocd->cd_start_offset, eocd->cd_size, static_cast<int64_t>(eocd_offset));
+#if defined(__ANDROID__)
+    if (eocd->cd_start_offset + eocd->cd_size <= eocd_offset) {
+      android_errorWriteLog(0x534e4554, "31251826");
+    }
+#endif
     return kInvalidOffset;
   }
   if (eocd->num_records == 0) {
commit	c24dd976544cfd0eed88797d4b0195b9b5614b26	[log] [tgz]
author	Tianjie Xu <xunchang@google.com>	Fri Oct 07 00:04:29 2016 +0000
committer	android-build-merger <android-build-merger@google.com>	Fri Oct 07 00:04:29 2016 +0000
tree	d977fbd43808b8e55f2958f98ce7da8610d4e3ea
parent	b5f75c458270fc49ea4c61ed7126155531c5ca63 [diff]
parent	1ee4892e66ba314131b7ecf17e98bb1762c4b84c [diff]