File _service:tar_scm:CVE-2022-0530.patch of Package unzip

From 4d9e8cd35d59f05f75cb2d8f05c6e4c9277dcf9c Mon Sep 17 00:00:00 2001
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Tue, 22 Feb 2022 21:04:25 +0000
Subject: [PATCH 1/2] Fix CVE-2022-0530

Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
---
 fileio.c  | 20 +++++++++++++-------
 process.c |  2 ++
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/fileio.c b/fileio.c
index cf995a9..e237272 100644
--- a/fileio.c
+++ b/fileio.c
@@ -2360,16 +2360,22 @@ int do_string(__G__ length, option)   /* return PK-type error code */
                   /* convert UTF-8 to local character set */
                   fn = utf8_to_local_string(G.unipath_filename,
                                             G.unicode_escape_all);
-                  /* make sure filename is short enough */
-                  if (strlen(fn) >= FILNAMSIZ) {
-                    fn[FILNAMSIZ - 1] = '\0';
+                  if (!fn) {
                     Info(slide, 0x401, ((char *)slide,
-                      LoadFarString(UFilenameTooLongTrunc)));
+                      LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
                     error = PK_WARN;
+                  } else {
+                    /* make sure filename is short enough */
+                    if (strlen(fn) >= FILNAMSIZ) {
+                      fn[FILNAMSIZ - 1] = '\0';
+                      Info(slide, 0x401, ((char *)slide,
+                        LoadFarString(UFilenameTooLongTrunc)));
+                      error = PK_WARN;
+                    }
+                    /* replace filename with converted UTF-8 */
+                    strcpy(G.filename, fn);
+                    free(fn);
                   }
-                  /* replace filename with converted UTF-8 */
-                  strcpy(G.filename, fn);
-                  free(fn);
                 }
 # endif /* UNICODE_WCHAR */
                 if (G.unipath_filename != G.filename_full)
diff --git a/process.c b/process.c
index 46abce2..5cba073 100644
--- a/process.c
+++ b/process.c
@@ -2597,6 +2597,8 @@ char *utf8_to_local_string(utf8_string, escape_all)
   int escape_all;
 {
   zwchar *wide = utf8_to_wide_string(utf8_string);
+  if (!wide)
+    return NULL;
   char *loc = wide_to_local_string(wide, escape_all);
   free(wide);
   return loc;
-- 
2.27.0