| 1 |
From cdd485bc519e09aeadc138a6a3002b10bf47c12c Mon Sep 17 00:00:00 2001 |
| 2 |
From: Tim Kientzle <kientzle@acm.org> |
| 3 |
Date: Sun, 19 Jun 2016 14:34:37 -0700 |
| 4 |
Subject: [PATCH] Issue 717: Fix integer overflow when computing location of |
| 5 |
volume descriptor |
| 6 |
|
| 7 |
The multiplication here defaulted to 'int' but calculations |
| 8 |
of file positions should always use int64_t. A simple cast |
| 9 |
suffices to fix this since the base location is always 32 bits |
| 10 |
for ISO, so multiplying by the sector size will never overflow |
| 11 |
a 64-bit integer. |
| 12 |
--- |
| 13 |
libarchive/archive_read_support_format_iso9660.c | 4 ++-- |
| 14 |
1 file changed, 2 insertions(+), 2 deletions(-) |
| 15 |
|
| 16 |
diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c |
| 17 |
index fac2404..4ed3935 100644 |
| 18 |
--- a/libarchive/archive_read_support_format_iso9660.c |
| 19 |
+++ b/libarchive/archive_read_support_format_iso9660.c |
| 20 |
@@ -1143,7 +1143,7 @@ archive_read_format_iso9660_read_header(struct archive_read *a, |
| 21 |
/* This condition is unlikely; by way of caution. */ |
| 22 |
vd = &(iso9660->joliet); |
| 23 |
|
| 24 |
- skipsize = LOGICAL_BLOCK_SIZE * vd->location; |
| 25 |
+ skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location; |
| 26 |
skipsize = __archive_read_skip(a, skipsize); |
| 27 |
if (skipsize < 0) |
| 28 |
return ((int)skipsize); |
| 29 |
@@ -1180,7 +1180,7 @@ archive_read_format_iso9660_read_header(struct archive_read *a, |
| 30 |
&& iso9660->seenJoliet) { |
| 31 |
/* Switch reading data from primary to joliet. */ |
| 32 |
vd = &(iso9660->joliet); |
| 33 |
- skipsize = LOGICAL_BLOCK_SIZE * vd->location; |
| 34 |
+ skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location; |
| 35 |
skipsize -= iso9660->current_position; |
| 36 |
skipsize = __archive_read_skip(a, skipsize); |
| 37 |
if (skipsize < 0) |
| 38 |
-- |
| 39 |
2.7.4 |
| 40 |
|
Parent Directory
| 
Revision Log
| 
Revision Graph
