<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">p7zip: Avoid crashing while decoding certain malformed input

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9296
https://sourceforge.net/p/p7zip/bugs/185/#32aa
https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db
https://trac.macports.org/ticket/52982

Check whether folders.PackPositions is nonnull before accessing it. Fix
developed by Igor Pavlov.

Upstream-Status: Backport [7-Zip 16.03 for Windows]
CVE: CVE-2016-9296
Signed-off-by: Lawrence VelÃ¡zquez &lt;larryv@macports.org&gt;

Index: CPP/7zip/Archive/7z/7zIn.cpp
===================================================================
--- CPP/7zip/Archive/7z/7zIn.cpp.orig
+++ CPP/7zip/Archive/7z/7zIn.cpp
@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
         ThrowIncorrect();
   }
-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
+  if (folders.PackPositions)
+    HeadersSize += folders.PackPositions[folders.NumPackStreams];
   return S_OK;
 }
 
</pre></body></html>