@@ -335,15 +335,21 @@ _compressionMethod = [[OFString alloc] initWithCString: header + 2 encoding: OFStringEncodingASCII length: 5]; + if (_compressedSize > UINT32_MAX || + _uncompressedSize > UINT32_MAX) + @throw [OFOutOfRangeException exception]; + memcpy(&_compressedSize, header + 7, 4); - _compressedSize = OFFromLittleEndian32(_compressedSize); + _compressedSize = + OFFromLittleEndian32((uint32_t)_compressedSize); memcpy(&_uncompressedSize, header + 11, 4); - _uncompressedSize = OFFromLittleEndian32(_uncompressedSize); + _uncompressedSize = + OFFromLittleEndian32((uint32_t)_uncompressedSize); memcpy(&date, header + 15, 4); date = OFFromLittleEndian32(date); _headerLevel = header[20]; @@ -473,16 +479,16 @@ - (OFString *)compressionMethod { return _compressionMethod; } -- (uint32_t)compressedSize +- (unsigned long long)compressedSize { return _compressedSize; } -- (uint32_t)uncompressedSize +- (unsigned long long)uncompressedSize { return _uncompressedSize; } - (OFDate *)modificationDate @@ -557,24 +563,25 @@ getFileNameAndDirectoryName(self, encoding, &fileName, &fileNameLength, &directoryName, &directoryNameLength); if (fileNameLength > UINT16_MAX - 3 || - directoryNameLength > UINT16_MAX - 3) + directoryNameLength > UINT16_MAX - 3 || + _compressedSize > UINT32_MAX || _uncompressedSize > UINT32_MAX) @throw [OFOutOfRangeException exception]; /* Length. Filled in after we're done. */ [data increaseCountBy: 2]; [data addItems: [_compressionMethod cStringWithEncoding: OFStringEncodingASCII] count: 5]; - tmp32 = OFToLittleEndian32(_compressedSize); + tmp32 = OFToLittleEndian32((uint32_t)_compressedSize); [data addItems: &tmp32 count: sizeof(tmp32)]; - tmp32 = OFToLittleEndian32(_uncompressedSize); + tmp32 = OFToLittleEndian32((uint32_t)_uncompressedSize); [data addItems: &tmp32 count: sizeof(tmp32)]; tmp32 = OFToLittleEndian32( (uint32_t)_modificationDate.timeIntervalSince1970); [data addItems: &tmp32 count: sizeof(tmp32)]; @@ -721,12 +728,12 @@ withString: @"\n\t"]; OFString *ret = [OFString stringWithFormat: @"<%@:\n" @"\tFile name = %@\n" @"\tCompression method = %@\n" - @"\tCompressed size = %" @PRIu32 "\n" - @"\tUncompressed size = %" @PRIu32 "\n" + @"\tCompressed size = %llu\n" + @"\tUncompressed size = %llu\n" @"\tModification date = %@\n" @"\tHeader level = %u\n" @"\tCRC16 = %04" @PRIX16 @"\n" @"\tOperating system identifier = %c\n" @"\tComment = %@\n"