commit 1d7f6855d31063fbabce21f9940c9d4a6eb6a09b
author Dieter Baron <dillo@nih.at> Thu Dec 08 11:56:44 2016 +0100
committer Dieter Baron <dillo@nih.at> Thu Dec 08 11:56:44 2016 +0100
tree 8aee5f34ca9d82d81d33a4fdc16fe49e8efa88d5
parent 97235f0d1dc6803719174bc0f6578f73bb0afc26

Fix warnings, catch integer overflow.

Unused variables, missing integer casts (and overflow check).

lib/zip_dirent.c

diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c
index 6fcc6c7..34762d4 100644
--- a/lib/zip_dirent.c
+++ b/lib/zip_dirent.c
@@ -622,11 +622,10 @@
 _zip_dirent_process_winzip_aes(zip_dirent_t *de, zip_error_t *error)
 {
     zip_uint16_t ef_len;
-    zip_uint32_t ef_crc;
     zip_buffer_t *buffer;
     const zip_uint8_t *ef;
     bool crc_valid;
-    zip_int32_t enc_method;
+    zip_uint16_t enc_method;
 
 
     if (de->comp_method != ZIP_CM_WINZIP_AES) {

lib/zip_open.c

diff --git a/lib/zip_open.c b/lib/zip_open.c
index b6cbf5f..ff84a83 100644
--- a/lib/zip_open.c
+++ b/lib/zip_open.c
@@ -375,8 +375,6 @@
         zip_int64_t entry_size;
 
 	if (i == cd->nentry) {
-	    zip_uint8_t *data;
-
 	    /* InfoZIP has a hack to avoid using Zip64: it stores nentries % 0x10000 */
 	    /* This hack isn't applicable if we're using Zip64, or if there is no central directory entry following. */
 

lib/zip_source_winzip_aes.c

diff --git a/lib/zip_source_winzip_aes.c b/lib/zip_source_winzip_aes.c
index 66a6a00..b73cfe1 100644
--- a/lib/zip_source_winzip_aes.c
+++ b/lib/zip_source_winzip_aes.c
@@ -127,7 +127,6 @@
     zip_uint8_t password_verification[PWD_VER_LENGTH];
     zip_uint8_t headerlen;
     zip_int64_t n;
-    unsigned char key[16];
 
     headerlen = PWD_VER_LENGTH + salt_length[ctx->mode];
     if ((n=zip_source_read(src, header, headerlen)) < 0) {

src/ziptool.c

diff --git a/src/ziptool.c b/src/ziptool.c
index a0f4be4..a3e72ce 100644
--- a/src/ziptool.c
+++ b/src/ziptool.c
@@ -644,25 +644,29 @@
 static zip_t *
 read_from_file(const char *archive, int flags, zip_error_t *error, zip_uint64_t offset, zip_uint64_t length)
 {
-    zip_t *za;
+    zip_t *zaa;
     zip_source_t *source;
     int err;
 
     if (offset == 0 && length == 0) {
-	if ((za= zip_open(archive, flags, &err)) == NULL) {
+	if ((zaa = zip_open(archive, flags, &err)) == NULL) {
 	    zip_error_set(error, err, errno);
 	    return NULL;
 	}
     }
     else {
-	if ((source = zip_source_file_create(archive, offset, length, error)) == NULL
-	    || (za = zip_open_from_source(source, flags, error)) == NULL) {
+        if (length > ZIP_INT64_MAX) {
+            zip_error_set(error, ZIP_ER_INVAL, 0);
+            return NULL;
+        }
+	if ((source = zip_source_file_create(archive, offset, (zip_int64_t)length, error)) == NULL
+	    || (zaa = zip_open_from_source(source, flags, error)) == NULL) {
 	    zip_source_free(source);
 	    return NULL;
 	}
     }
 
-    return za;
+    return zaa;
 }