1 |
luigiwalser |
409186 |
From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001 |
2 |
|
|
From: Tim Kientzle <kientzle@acm.org> |
3 |
|
|
Date: Fri, 22 Mar 2013 23:48:41 -0700 |
4 |
|
|
Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a |
5 |
|
|
certain common programming error (passing -1 to write) from leading to other |
6 |
|
|
problems deeper in the library. |
7 |
|
|
|
8 |
|
|
--- |
9 |
|
|
libarchive/archive_write.c | 5 +++++ |
10 |
|
|
1 file changed, 5 insertions(+) |
11 |
|
|
|
12 |
|
|
diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c |
13 |
|
|
index eede5e0..be85621 100644 |
14 |
|
|
--- a/libarchive/archive_write.c |
15 |
|
|
+++ b/libarchive/archive_write.c |
16 |
|
|
@@ -459,8 +459,13 @@ struct archive_write_filter * |
17 |
|
|
_archive_write_data(struct archive *_a, const void *buff, size_t s) |
18 |
|
|
{ |
19 |
|
|
struct archive_write *a = (struct archive_write *)_a; |
20 |
|
|
+ const size_t max_write = INT_MAX; |
21 |
|
|
+ |
22 |
|
|
__archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, |
23 |
|
|
ARCHIVE_STATE_DATA, "archive_write_data"); |
24 |
|
|
+ /* In particular, this catches attempts to pass negative values. */ |
25 |
|
|
+ if (s > max_write) |
26 |
|
|
+ s = max_write; |
27 |
|
|
archive_clear_error(&a->archive); |
28 |
|
|
return ((a->format_write_data)(a, buff, s)); |
29 |
|
|
} |
30 |
|
|
-- |
31 |
|
|
1.8.1.5 |
32 |
|
|
|