From cdd485bc519e09aeadc138a6a3002b10bf47c12c Mon Sep 17 00:00:00 2001 From: Tim Kientzle Date: Sun, 19 Jun 2016 14:34:37 -0700 Subject: [PATCH] Issue 717: Fix integer overflow when computing location of volume descriptor The multiplication here defaulted to 'int' but calculations of file positions should always use int64_t. A simple cast suffices to fix this since the base location is always 32 bits for ISO, so multiplying by the sector size will never overflow a 64-bit integer. --- libarchive/archive_read_support_format_iso9660.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c index fac2404..4ed3935 100644 --- a/libarchive/archive_read_support_format_iso9660.c +++ b/libarchive/archive_read_support_format_iso9660.c @@ -1143,7 +1143,7 @@ archive_read_format_iso9660_read_header(struct archive_read *a, /* This condition is unlikely; by way of caution. */ vd = &(iso9660->joliet); - skipsize = LOGICAL_BLOCK_SIZE * vd->location; + skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location; skipsize = __archive_read_skip(a, skipsize); if (skipsize < 0) return ((int)skipsize); @@ -1180,7 +1180,7 @@ archive_read_format_iso9660_read_header(struct archive_read *a, && iso9660->seenJoliet) { /* Switch reading data from primary to joliet. */ vd = &(iso9660->joliet); - skipsize = LOGICAL_BLOCK_SIZE * vd->location; + skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location; skipsize -= iso9660->current_position; skipsize = __archive_read_skip(a, skipsize); if (skipsize < 0) -- 2.7.4