I found that the method CompoundFile.LoadDirectories fail to handle the case where the starting sector of a directory entry is invalid.
With the sample file FTC07.zip, the starting sector of the directory entry #42 is equal to 6553868 which is invalid. Adding the below line to Line 685, we can check directoryEntries[42].StartSetc
Console.WriteLine(directoryEntries[42].StartSetc); // 6553868
We should check de.StartSetc in the method CompoundFile.LoadDirectories. If de.StartSetc is greater than this.sectors.Count, we should raise an exception that the file is invalid.
private void LoadDirectories()
{
List<Sector> directoryChain
= GetSectorChain(header.FirstDirectorySectorID, SectorType.Normal);
if (header.FirstDirectorySectorID == Sector.ENDOFCHAIN)
header.FirstDirectorySectorID = directoryChain[0].Id;
StreamView dirReader
= new StreamView(directoryChain, GetSectorSize(), directoryChain.Count * GetSectorSize(), sourceStream);
while (dirReader.Position < directoryChain.Count * GetSectorSize())
{
IDirectoryEntry de
= DirectoryEntry.New(String.Empty, StgType.StgInvalid, directoryEntries);
//We are not inserting dirs. Do not use 'InsertNewDirectoryEntry'
de.Read(dirReader);
// We should check de.StartSetc here
if(de.StartSetc > sectors.Count)
{
throw new CFException("Compound File is invalid");
}
}
}
Sorry for my bad description about the issue.
Best regards,
Nhut M. Ngo
I found that the method
CompoundFile.LoadDirectoriesfail to handle the case where the starting sector of a directory entry is invalid.With the sample file FTC07.zip, the starting sector of the directory entry #42 is equal to 6553868 which is invalid. Adding the below line to Line 685, we can check
directoryEntries[42].StartSetcConsole.WriteLine(directoryEntries[42].StartSetc); // 6553868We should check
de.StartSetcin the methodCompoundFile.LoadDirectories. Ifde.StartSetcis greater thanthis.sectors.Count, we should raise an exception that the file is invalid.Sorry for my bad description about the issue.
Best regards,
Nhut M. Ngo