From 76cfd0a9bb33ae8e534b1f73f6359dc825589f2f Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Mon, 16 Sep 2024 23:19:46 +0200
Subject: [PATCH] lzmainfo: Avoid integer overflow

The MB output can overflow with huge numbers. Most likely these are
invalid .lzma files anyway, but let's avoid garbage output.

lzmadec was adapted from LZMA Utils. The original code with this bug
was written in 2005, over 19 years ago.

Co-authored-by: Lasse Collin <lasse.collin@tukaani.org>
Closes: https://github.com/tukaani-project/xz/pull/144
---
 src/lzmainfo/lzmainfo.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/lzmainfo/lzmainfo.c b/src/lzmainfo/lzmainfo.c
index 2550b1f1..d917f371 100644
--- a/src/lzmainfo/lzmainfo.c
+++ b/src/lzmainfo/lzmainfo.c
@@ -149,8 +149,7 @@ lzmainfo(const char *name, FILE *f)
 		printf("Unknown");
 	else
 		printf("%" PRIu64 " MB (%" PRIu64 " bytes)",
-				(uncompressed_size + 512 * 1024)
-					/ (1024 * 1024),
+				(uncompressed_size / 1024 + 512) / 1024,
 				uncompressed_size);
 
 	lzma_options_lzma *opt = filter.options;
@@ -160,7 +159,7 @@ lzmainfo(const char *name, FILE *f)
 			"Literal context bits (lc):     %" PRIu32 "\n"
 			"Literal pos bits (lp):         %" PRIu32 "\n"
 			"Number of pos bits (pb):       %" PRIu32 "\n",
-			(opt->dict_size + 512 * 1024) / (1024 * 1024),
+			(opt->dict_size / 1024 + 512) / 1024,
 			my_log2(opt->dict_size), opt->lc, opt->lp, opt->pb);
 
 	free(opt);