root/xz
1
0
Fork 0
mirror of https://git.tukaani.org/xz.git synced 2026-03-28 21:01:22 +00:00
Code Issues Releases Wiki Activity

xz: Prevent an integer overflow in --files and --files0

Browse Source 
This requires a filename (or something that pretends to be a filename)
of at least 2 GiB on a 32-bit platform, and that realloc() to
SIZE_MAX / 2 + 1 bytes has succeeded.

Fixes: https://github.com/tukaani-project/xz/pull/218
This commit is contained in:
Lasse Collin 2026-03-25 19:03:00 +02:00
parent 2faa141bdb
commit 0ac3b93387
No known key found for this signature in database
GPG Key ID: 38EE757D69184620
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/xz/main.c
View File

@ -134,6 +134,16 @@ read_name(const args_info *args)
// at least for one character to allow terminating the string // at least for one character to allow terminating the string
// with '\0'. // with '\0'.
if (pos == size) { if (pos == size) {
// Prevent an integer overflow. This is only possible
// if allocating SIZE_MAX / 2 + 1 bytes has already
// succeeded.
//
// Use ENOMEM to for the error message to avoid adding
// a translatable string that will (almost) never be
// displayed in practice.
if (size > SIZE_MAX / 2)
message_fatal("%s", strerror(ENOMEM));
size *= 2; size *= 2;
name = xrealloc(name, size); name = xrealloc(name, size);
} }