Initial review shows several problems:
* chm_http.c doesn't check return value of fgets()
* chm_http.c and lzx.c don't check return values of malloc (possible null pointer dereference)
* extract_chmLib.c uses stat() resulting in TOCTOU (time of check/time of use) vulnerability (specifically possibility of directory symlink attacks)
* chm_lib.c has unsigned int assignment to signed int (line 1353)
* chm_lib.c doesn't always check for cmpLen < 0, which causes read/pread to be called with negative length (logic error, probably not exploitable)
* chm_lib.c doesn't check return values of read/pread
I could continue reviewing, but after spending the time with the code I did, I don't have a lot of confidence in it.
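
Added example, not part of the original comment and not chmlib code: a checked positional read that addresses two of the findings above, rejecting a negative length before it reaches pread() and checking every pread() return value. The names `read_exact_at` and `demo` and the 8-byte sample file are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read exactly len bytes at offset off.
 * len is signed on purpose, like a length computed by subtraction.
 * Returns 0 on success, -1 on bad length, I/O error or premature EOF. */
int read_exact_at(int fd, void *buf, int64_t len, off_t off)
{
    unsigned char *p = buf;
    /* A negative length converted to size_t becomes a huge byte count. */
    if (buf == NULL || len < 0)
        return -1;
    while (len > 0) {
        ssize_t n = pread(fd, p, (size_t)len, off);
        if (n < 0) {
            if (errno == EINTR)
                continue;           /* interrupted by a signal: retry */
            return -1;              /* real I/O error */
        }
        if (n == 0)
            return -1;              /* EOF before len bytes: truncated file */
        p += n;                     /* short read: advance and keep going */
        off += n;
        len -= n;
    }
    return 0;
}

/* Constructed self-check on an 8-byte temp file; returns 0 if all cases hold. */
int demo(void)
{
    char path[] = "/tmp/readchk_XXXXXX";
    char buf[16];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                   /* file disappears once fd is closed */
    if (write(fd, "ITSFdata", 8) != 8) { close(fd); return -1; }
    int ok = read_exact_at(fd, buf, 4, 0) == 0 && memcmp(buf, "ITSF", 4) == 0
          && read_exact_at(fd, buf, -1, 0) == -1   /* negative length rejected */
          && read_exact_at(fd, buf, 16, 0) == -1;  /* file shorter than request */
    close(fd);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```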