From: Xi Wang <xi.wang@gmail.com>
Date: Sun, 20 Jan 2013 23:17:20 +0000 (-0500)
Subject: Fix overflow checking in archive_entry_sparse_add_entry()
X-Git-Tag: v3.1.900a~351^2~12^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F33%2Fhead;p=thirdparty%2Flibarchive.git

Fix overflow checking in archive_entry_sparse_add_entry()

gcc will optimize the overflow check x + y < 0 (assuming x, y >= 0)
into false, since signed integer overflow is undefined behavior in C.
Use a safe precondition check instead.
---

diff --git a/libarchive/archive_entry_sparse.c b/libarchive/archive_entry_sparse.c
index 10c54474a..fed74f512 100644
--- a/libarchive/archive_entry_sparse.c
+++ b/libarchive/archive_entry_sparse.c
@@ -58,7 +58,7 @@ archive_entry_sparse_add_entry(struct archive_entry *entry,
 	if (offset < 0 || length < 0)
 		/* Invalid value */
 		return;
-	if (offset + length < 0 ||
+	if (offset > INT64_MAX - length ||
 	    offset + length > archive_entry_size(entry))
 		/* A value of "length" parameter is too large. */
 		return;