rootvector2 opened a new pull request, #2887: URL: https://github.com/apache/tika/pull/2887
`unmarshalUInt32` in `ChmItsfHeader` and `ChmLzxcControlData` ORs the four little-endian bytes from an untrusted chm without masking each `& 0xff`, so any non-leading byte with bit 7 set is sign-extended and corrupts the value (a `0x8000` size/windowSize/resetInterval field reads back as `-32768`); spotted because the sibling readers in `ChmItspHeader`, `ChmPmgiHeader`, `ChmPmglHeader` and `ChmLzxcResetTable` already mask, so this just brings the two stragglers in line. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
