From aef9a25b3200457c16846b046222fb2c7967afe0 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Mon, 16 Sep 2024 23:19:46 +0200 Subject: [PATCH] lzmainfo: Avoid integer overflow The MB output can overflow with huge numbers. Most likely these are invalid .lzma files anyway, but let's avoid garbage output. lzmadec was adapted from LZMA Utils. The original code with this bug was written in 2005, over 19 years ago. Co-authored-by: Lasse Collin Closes: https://github.com/tukaani-project/xz/pull/144 (cherry picked from commit 76cfd0a9bb33ae8e534b1f73f6359dc825589f2f) --- src/lzmainfo/lzmainfo.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/lzmainfo/lzmainfo.c b/src/lzmainfo/lzmainfo.c index 2550b1f1..d917f371 100644 --- a/src/lzmainfo/lzmainfo.c +++ b/src/lzmainfo/lzmainfo.c @@ -149,8 +149,7 @@ lzmainfo(const char *name, FILE *f) printf("Unknown"); else printf("%" PRIu64 " MB (%" PRIu64 " bytes)", - (uncompressed_size + 512 * 1024) - / (1024 * 1024), + (uncompressed_size / 1024 + 512) / 1024, uncompressed_size); lzma_options_lzma *opt = filter.options; @@ -160,7 +159,7 @@ lzmainfo(const char *name, FILE *f) "Literal context bits (lc): %" PRIu32 "\n" "Literal pos bits (lp): %" PRIu32 "\n" "Number of pos bits (pb): %" PRIu32 "\n", - (opt->dict_size + 512 * 1024) / (1024 * 1024), + (opt->dict_size / 1024 + 512) / 1024, my_log2(opt->dict_size), opt->lc, opt->lp, opt->pb); free(opt);