@simonmichal commented on this pull request.
> @@ -60,6 +60,7 @@ namespace XrdZip
cdSize = *reinterpret_cast<const uint32_t*>( buffer + 12 );
cdOffset = *reinterpret_cast<const uint32_t*>( buffer + 16 );
commentLength = *reinterpret_cast<const uint16_t*>( buffer + 20 );
+ if(maxSize > 0 && (uint32_t)(eocdBaseSize + commentLength) > maxSize) throw bad_data();
Could you please move the `throw` statement to a new line?
> @@ -321,10 +321,17 @@ namespace XrdCl
"End-of-central-directory signature not found." );
Pipeline::Stop( error );
}
+ try{
Are you using a try-catch block only because of the `throw` statement in line 328 (BTW please move it to the next line), if yes then it would make more sense to replace the `throw` directly with a call to `Pipeline::Stop( error )`. On the other hand, if we also want to cover the `EOCD` constructor it would make sense to pass the `maxSize` argument to it (in this case the try-catch block is justified).
--
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1744#pullrequestreview-1049223176
You are receiving this because you are subscribed to this thread.
Message ID: <[log in to unmask]>
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
