mtree reader: limit the range of nanoseconds (0 to 999999999)

Prevents a possible integer overflow in archive_entry_set_mtime()

Reported-By:	OSS-Fuzz issue 538

diff --git a/libarchive/archive_read_support_format_mtree.c b/libarchive/archive_read_support_format_mtree.c
index 979a499d157617e4746f4af2f7f143062e746e85..4231ff5002b53ce65d768560881f09f8822b84ca 100644 (file)
--- a/libarchive/archive_read_support_format_mtree.c
+++ b/libarchive/archive_read_support_format_mtree.c
@@ -1608,8 +1608,11 @@ parse_keyword(struct archive_read *a, struct mtree *mtree,
                        if (*val == '.') {
                                ++val;
                                ns = (long)mtree_atol10(&val);
-                       } else
-                               ns = 0;
+                               if (ns < 0)
+                                       ns = 0;
+                               else if (ns > 999999999)
+                                       ns = 999999999;
+                       }
                        if (m > my_time_t_max)
                                m = my_time_t_max;
                        else if (m < my_time_t_min)