archive/{zzip,iso9660}: ignore file names which are invalid UTF-8

NEWS

@@ -10,6 +10,8 @@ ver 0.23 (not yet released)
   - proxy: require libmpdclient 2.11 or later
   - proxy: split search into chunks to avoid exceeding the output buffer
   - upnp: support libnpupnp instead of libupnp
+* archive
+  - zzip, iso9660: ignore file names which are invalid UTF-8
 * decoder
   - openmpt: new plugin
   - wavpack: fix WVC file support

src/archive/plugins/Iso9660ArchivePlugin.cxx

@@ -29,6 +29,7 @@
 #include "fs/Path.hxx"
 #include "util/RuntimeError.hxx"
 #include "util/StringCompare.hxx"
+#include "util/UTF8.hxx"
 #include "util/WritableBuffer.hxx"
 
 #include <cdio/iso9660.h>
@@ -102,6 +103,10 @@ Iso9660ArchiveFile::Visit(char *path, size_t length, size_t capacity,
 			/* skip special names like "." and ".." */
 			continue;
 
+		if (!ValidateUTF8(filename))
+			/* ignore file names which are not valid UTF-8 */
+			continue;
+
 		size_t filename_length = strlen(filename);
 		if (length + filename_length + 1 >= capacity)
 			/* file name is too long */

src/archive/plugins/ZzipArchivePlugin.cxx

@@ -29,6 +29,7 @@
 #include "fs/Path.hxx"
 #include "system/Error.hxx"
 #include "util/RuntimeError.hxx"
+#include "util/UTF8.hxx"
 
 #include <zzip/zzip.h>
 
@@ -84,7 +85,7 @@ ZzipArchiveFile::Visit(ArchiveVisitor &visitor)
 	ZZIP_DIRENT dirent;
 	while (zzip_dir_read(dir->dir, &dirent))
 		//add only files
-		if (dirent.st_size > 0)
+		if (dirent.st_size > 0 && ValidateUTF8(dirent.d_name))
 			visitor.VisitArchiveEntry(dirent.d_name);
 }