Potential buffer overflow in SFXSetup/SfxSetup.cpp

A free file archiver for extremely high compression

Brought to you by: ipavlov

#2628 Potential buffer overflow in SFXSetup/SfxSetup.cpp

Milestone: None

Status: open-accepted

Owner: Igor Pavlov

Labels: vulnerability (7) bug (22)

Priority: 5

Updated: 2026-02-25

Created: 2026-02-24

Creator: Serg G. Brester

Private: No

Changes of v.26.00 on CPP\7zip\Bundles\SFXSetup\SfxSetup.cpp in function ReadDataString introduce potential BO on context variable buffer.

Bug detailed description:

Memory copy function may overflow the destination buffer in certain circumstances (depending on "foreign" input read from inFile).
More details:
https://sonarcloud.io/project/issues?pullRequest=468&open=AZxo8WNdD7FB2mcciWZO&id=mcmilk_7-Zip-zstd

Possible solution:

https://github.com/mcmilk/7-Zip-zstd/pull/468/changes/f4efd0f2d960b18fd51a894d04b5eadebf8c270b
Details:
https://github.com/mcmilk/7-Zip-zstd/pull/468#issuecomment-3947594135

Discussion

Igor Pavlov - 2026-02-25

status: open --> open-accepted

Group: -->
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Pavlov - 2026-02-25

The fix is correct.
Thanks for report!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.