Fix infinite loop when scanning some DMG archives

When decompressing a zlib stream, it's possible to reach end of stream before running out of available bytes. In the DMG parser, this may cause an infinite loop. This commit adds a check for the condition where stream has ended before running out of input. Fixes: #925
Cisco-Talos · Aug 17, 2023 · 35e5f3a · 35e5f3a
1 parent a6501dd
commit 35e5f3a
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/libclamav/hfsplus.c b/libclamav/hfsplus.c
@@ -1323,6 +1323,11 @@ static cl_error_t hfsplus_walk_catalog(cli_ctx *ctx, hfsPlusVolumeHeader *volHea
                                                         stream.next_out  = uncompressed_block;
 
                                                         extracted_file = true;
+
+                                                        if (stream.avail_in > 0 && Z_STREAM_END == z_ret) {
+                                                            cli_dbgmsg("hfsplus_walk_catalog: Reached end of stream even though there's still some available bytes left!\n");
+                                                            break;
+                                                        }
                                                     }
                                                 } else {
                                                     if (cli_writen(ofd, &block[streamBeginning ? 1 : 0], readLen - (streamBeginning ? 1 : 0)) != readLen - (streamBeginning ? 1 : 0)) {