Skip to content

Commit

Permalink
Patch UnRAR: limit dict winsize to 1GB
Browse files Browse the repository at this point in the history
Prevent allocating more than 1GB regardless of what is requested.
RAR dictionary sizes may not be larger than 1GB, at least in the current
version.

This is a cherry-pick of commit 9b444e7
  • Loading branch information
micahsnyder committed Oct 20, 2023
1 parent 83daccb commit a2b02e2
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions libclamunrar/unpack.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,12 @@ void Unpack::Init(size_t WinSize,bool Solid)
if ((WinSize>>16)>0x10000) // Window size must not exceed 4 GB.
return;

// Unrar does not support window size greather than 1GB at this time.
// Any request for a window larger than 1GB should be ignored.
const size_t MaxAllocSize=0x40000000;
if (WinSize>MaxAllocSize)
WinSize=MaxAllocSize;

// Archiving code guarantees that window size does not grow in the same
// solid stream. So if we are here, we are either creating a new window
// or increasing the size of non-solid window. So we could safely reject
Expand Down Expand Up @@ -265,7 +271,7 @@ void Unpack::MakeDecodeTables(byte *LengthTable,DecodeTable *Dec,uint Size)
Dec->DecodeLen[I]=(uint)LeftAligned;

// Every item of this array contains the sum of all preceding items.
// So it contains the start position in code list for every bit length.
// So it contains the start position in code list for every bit length.
Dec->DecodePos[I]=Dec->DecodePos[I-1]+LengthCount[I-1];
}

Expand Down Expand Up @@ -328,7 +334,7 @@ void Unpack::MakeDecodeTables(byte *LengthTable,DecodeTable *Dec,uint Size)
uint BitField=Code<<(16-Dec->QuickBits);

// Prepare the table for quick decoding of bit lengths.

// Find the upper limit for current bit field and adjust the bit length
// accordingly if necessary.
while (CurBitLength<ASIZE(Dec->DecodeLen) && BitField>=Dec->DecodeLen[CurBitLength])
Expand Down

0 comments on commit a2b02e2

Please sign in to comment.