check whether it exceeds the maximum value of an integer #2773

Merged
skylot merged 3 commits into skylot:master from RuffaloLavoisier:provide_overflow
Feb 4, 2026

@RuffaloLavoisier
Contributor

This patch addresses a potential integer overflow vulnerability in the JADX ZIP parsing code. When processing maliciously crafted ZIP files, an uncompressedSize value can exceed Integer.MAX_VALUE, causing undefined behavior during array allocation.

Owner

@skylot left a comment

Thanks.
Although in most cases it shouldn't happen, because we have several checks for entry sizes and the default jadx parser also does not support such big entries (we might need a similar check at entry decoding).
Anyway, the check is fine, and it is always better to fail earlier with a clear error.

@skylot merged commit 039900a into skylot:master on Feb 4, 2026
2 checks passed
@RuffaloLavoisier deleted the provide_overflow branch on February 7, 2026 02:46
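
The failure mode discussed in this thread, as an added example that is not the JADX code or the merged patch: a ZIP entry size held in a `long` and narrowed to `int` for array allocation, next to a guard that fails early with a clear error. The class name, method names and sample sizes are hypothetical and constructed for illustration.

```java
import java.io.IOException;

// Added illustration; not taken from JADX. All names here are hypothetical.
public class ZipSizeGuard {

    // Unchecked pattern: the cast keeps only the low 32 bits of the long,
    // so the result can be negative or far smaller than the declared size.
    static int uncheckedLength(long uncompressedSize) {
        return (int) uncompressedSize;
    }

    // Guarded pattern: reject sizes a Java array cannot hold before allocating.
    static int checkedLength(long uncompressedSize) throws IOException {
        if (uncompressedSize < 0 || uncompressedSize > Integer.MAX_VALUE) {
            throw new IOException("ZIP entry uncompressed size out of range: " + uncompressedSize);
        }
        return (int) uncompressedSize;
    }

    public static void main(String[] args) {
        // Constructed sample sizes, as a parser would hold them after reading a header.
        long[] samples = {
            1024L,        // ordinary entry
            0xFFFFFFFFL,  // largest value of a 32-bit unsigned size field; narrows to -1
            0x100000010L, // 64-bit value just above 4 GiB; narrows to 16
        };
        for (long size : samples) {
            int narrowed = uncheckedLength(size);
            String unchecked;
            try {
                byte[] buf = new byte[narrowed];
                unchecked = "allocates " + buf.length + " bytes";
            } catch (NegativeArraySizeException e) {
                unchecked = "NegativeArraySizeException (length " + narrowed + ")";
            }
            String checked;
            try {
                byte[] buf = new byte[checkedLength(size)];
                checked = "allocates " + buf.length + " bytes";
            } catch (IOException e) {
                checked = "rejected: " + e.getMessage();
            }
            System.out.printf("size=%d%n  unchecked: %s%n  checked:   %s%n", size, unchecked, checked);
        }
    }
}
```

For the last sample the unchecked path raises no error at all: it allocates a 16-byte buffer for an entry that declares more than 4 GiB, which is the case an early range check turns into a clear failure.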