mirror of https://git.tukaani.org/xz.git
lzmainfo: Avoid integer overflow
The MB output can overflow with huge numbers. Most likely these are invalid .lzma files anyway, but let's avoid garbage output. lzmadec was adapted from LZMA Utils. The original code with this bug was written in 2005, over 19 years ago. Co-authored-by: Lasse Collin <lasse.collin@tukaani.org> Closes: https://github.com/tukaani-project/xz/pull/144
This commit is contained in:
parent
78355aebb7
commit
76cfd0a9bb
|
@ -149,8 +149,7 @@ lzmainfo(const char *name, FILE *f)
|
||||||
printf("Unknown");
|
printf("Unknown");
|
||||||
else
|
else
|
||||||
printf("%" PRIu64 " MB (%" PRIu64 " bytes)",
|
printf("%" PRIu64 " MB (%" PRIu64 " bytes)",
|
||||||
(uncompressed_size + 512 * 1024)
|
(uncompressed_size / 1024 + 512) / 1024,
|
||||||
/ (1024 * 1024),
|
|
||||||
uncompressed_size);
|
uncompressed_size);
|
||||||
|
|
||||||
lzma_options_lzma *opt = filter.options;
|
lzma_options_lzma *opt = filter.options;
|
||||||
|
@ -160,7 +159,7 @@ lzmainfo(const char *name, FILE *f)
|
||||||
"Literal context bits (lc): %" PRIu32 "\n"
|
"Literal context bits (lc): %" PRIu32 "\n"
|
||||||
"Literal pos bits (lp): %" PRIu32 "\n"
|
"Literal pos bits (lp): %" PRIu32 "\n"
|
||||||
"Number of pos bits (pb): %" PRIu32 "\n",
|
"Number of pos bits (pb): %" PRIu32 "\n",
|
||||||
(opt->dict_size + 512 * 1024) / (1024 * 1024),
|
(opt->dict_size / 1024 + 512) / 1024,
|
||||||
my_log2(opt->dict_size), opt->lc, opt->lp, opt->pb);
|
my_log2(opt->dict_size), opt->lc, opt->lp, opt->pb);
|
||||||
|
|
||||||
free(opt);
|
free(opt);
|
||||||
|
|
Loading…
Reference in New Issue