|author||Giovanni <email@example.com>||Fri Sep 10 23:53:36 2021 +0200|
|committer||GitHub <firstname.lastname@example.org>||Fri Sep 10 23:53:36 2021 +0200|
Use after free when fseeko fails In _zip_stdio_op_create_temp_output_cloning when fseeko fails the temp value gets freed but then the freed pointer is assigned to ctx->tmpname.
This is libzip, a C library for reading, creating, and modifying zip and zip64 archives. Files can be added from data buffers, files, or compressed data copied directly from other zip archives. Changes made without closing the archive can be reverted. Decryption and encryption of Winzip AES and legacy PKware encrypted files is supported. The API is documented by man pages.
libzip is fully documented via man pages. HTML versions of the man pages are on libzip.org and in the man directory. You can start with libzip(3), which lists all others. Example source code is in the examples and src subdirectories.
If you have developed an application using libzip, you can find out about API changes and how to adapt your code for them in the included file API-CHANGES.md.
See the INSTALL.md file for installation instructions and dependencies.
If you make a binary distribution, please include a pointer to the distribution site:
The latest version can always be found there. The official repository is at github.
There is a mailing list for developers using libzip. You can subscribe to it by sending a mail with the subject “subscribe libzip-discuss” to minimalist at nih.at. List mail should be sent to libzip-discuss at nih.at. Use this for bug reports or questions.
If you want to reach the authors in private, use email@example.com.