From 5e03f2936996e2bd56fe31cc56ecc69d433c9523 Mon Sep 17 00:00:00 2001
From: Kirk Steuber
Date: Wed, 4 May 2016 12:57:21 -0700
Subject: [PATCH] Bug 1269185 - Prevent crashes in Windows when zip files cannot be read. r=spohl
MozReview-Commit-ID: 32uEegoKL4J
--HG--
extra : transplant_source : %2BN%22%E7%D0%A2%E8%BD%90%A6%E5%F3%F0J%9Ceg%25%FBc
---
 modules/libjar/nsZipArchive.cpp | 24 +++++++++++++++++++-----
 modules/libjar/nsZipArchive.h | 2 +-
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/modules/libjar/nsZipArchive.cpp b/modules/libjar/nsZipArchive.cpp
index aef637eb830c..42d47d718808 100644
--- a/modules/libjar/nsZipArchive.cpp
+++ b/modules/libjar/nsZipArchive.cpp
@@ -219,7 +219,12 @@ nsresult nsZipHandle::Init(nsIFile *file, nsZipHandle **ret,
 handle->mFile.Init(file);
 handle->mTotalLen = (uint32_t) size;
 handle->mFileStart = buf;
- handle->findDataStart();
+ rv = handle->findDataStart();
+ if (NS_FAILED(rv)) {
+ PR_MemUnmap(buf, (uint32_t) size);
+ PR_CloseFileMap(map);
+ return rv;
+ }
 handle.forget(ret);
 return NS_OK;
 }
@@ -242,7 +247,10 @@ nsresult nsZipHandle::Init(nsZipArchive *zip, const char *entry,
 handle->mFile.Init(zip, entry);
 handle->mTotalLen = handle->mBuf->Length();
 handle->mFileStart = handle->mBuf->Buffer();
- handle->findDataStart();
+ nsresult rv = handle->findDataStart();
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
 handle.forget(ret);
 return NS_OK;
 }
@@ -254,7 +262,10 @@ nsresult nsZipHandle::Init(const uint8_t* aData, uint32_t aLen,
 handle->mFileStart = aData;
 handle->mTotalLen = aLen;
- handle->findDataStart();
+ nsresult rv = handle->findDataStart();
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
 handle.forget(aRet);
 return NS_OK;
 }
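Review bot: The new failure branch in the first hunk (`Init(nsIFile *file, ...)`) unmaps `buf` and closes `map` by hand while `handle` still refers to them: `handle->mFileStart = buf` is set two lines above, and `mMap` is presumably assigned from `map` above the hunk. If `~nsZipHandle()` also releases `mMap`/`mFileStart` (the destructor is not shown, so confirm), returning here lets the `RefPtr` destroy the handle and release the same mapping twice, on the very unreadable-file path this patch hardens. Either drop the manual cleanup and let the destructor do it, or detach first with `handle->mFileStart = nullptr; handle->mMap = nullptr;` before `return rv;`. The other two `Init` overloads return without manual cleanup and do not have this problem; the function body starts and ends outside the hunk.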
@@ -276,12 +287,13 @@ nsresult nsZipHandle::Init(const uint8_t* aData, uint32_t aLen,
 // sigLength : signature - Signature of the ZIP content.
 // Signature is created using the RSA
 // algorighm with the SHA-1 hash function.
-void nsZipHandle::findDataStart()
+nsresult nsZipHandle::findDataStart()
 {
 // In the CRX header, integers are 32 bits. Our pointer to the file is of
 // type |uint8_t|, which is guaranteed to be 8 bits.
 const uint32_t CRXIntSize = 4;
+MOZ_WIN_MEM_TRY_BEGIN
 if (mTotalLen > CRXIntSize * 4 && xtolong(mFileStart) == kCRXMagic) {
 const uint8_t* headerData = mFileStart;
 headerData += CRXIntSize * 2; // Skip magic number and version number
@@ -292,11 +304,13 @@ void nsZipHandle::findDataStart()
 if (mTotalLen > headerSize) {
 mLen = mTotalLen - headerSize;
 mFileData = mFileStart + headerSize;
- return;
+ return NS_OK;
 }
 }
 mLen = mTotalLen;
 mFileData = mFileStart;
+MOZ_WIN_MEM_TRY_CATCH(return NS_ERROR_FAILURE)
+ return NS_OK;
 }
 int64_t nsZipHandle::SizeOfMapping()
diff --git a/modules/libjar/nsZipArchive.h b/modules/libjar/nsZipArchive.h
index defd3dac2838..2de67903277f 100644
--- a/modules/libjar/nsZipArchive.h
+++ b/modules/libjar/nsZipArchive.h
@@ -416,7 +416,7 @@ private:
 nsZipHandle();
 ~nsZipHandle();
- void findDataStart();
+ nsresult findDataStart();
 PRFileMap * mMap; /* nspr datastructure for mmap */
 mozilla::AutoFDClose mNSPRFileDesc;
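Review bot: `findDataStart()` can now fail, but the comment block above it still describes only the CRX layout, and nothing says why the body sits between `MOZ_WIN_MEM_TRY_BEGIN` and `MOZ_WIN_MEM_TRY_CATCH`. Going by the commit title the guard presumably covers read faults on the mapped file, so add a line such as `// Returns NS_ERROR_FAILURE if reading the header faults; mLen and mFileData may then be left unset, so the handle must be discarded.` This matches what the three `Init` overloads do, and makes the contract explicit for any later caller. The comment block begins above the hunk, so the full existing text is not visible here.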