From dd2a5c4be6a460636b415792f02e7c8ae62f524e Mon Sep 17 00:00:00 2001
From: Hector Chen <shine751105@gmail.com>
Date: Thu, 21 Feb 2019 09:32:33 +0800
Subject: [PATCH] Fix CVE-2018-13410

---
 zip.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zip.c b/zip.c
index 439821f..f13e2a1 100644
--- a/zip.c
+++ b/zip.c
@@ -1437,7 +1437,7 @@ local void check_zipfile(zipname, zippath)
     /* Replace first {} with archive name.  If no {} append name to string. */
     here = strstr(unzip_path, "{}");
 
-    if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) {
+    if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) {
       ziperr(ZE_MEM, "building command string for testing archive");
     }
 
-- 
2.7.4