Fail with negative lha->compsize in lha_read_file_header_1()

author Martin Matuska <martin@matuska.org>

Thu, 19 Jan 2017 21:00:18 +0000 (22:00 +0100)

committer Martin Matuska <martin@matuska.org>

Thu, 19 Jan 2017 21:00:18 +0000 (22:00 +0100)
author Martin Matuska <martin@matuska.org>
Thu, 19 Jan 2017 21:00:18 +0000 (22:00 +0100)
committer Martin Matuska <martin@matuska.org>
Thu, 19 Jan 2017 21:00:18 +0000 (22:00 +0100)
diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c

index 52a5531b0ff94023de8a50136449818056ad7578..d77a7c2e4766b15f868f4eb1abc095edaed530e8 100644 (file)
--- a/libarchive/archive_read_support_format_lha.c
+++ b/libarchive/archive_read_support_format_lha.c
@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
         /* Get a real compressed file size. */
         lha->compsize -= extdsize - 2;
  
+       if (lha->compsize < 0)
+               goto invalid;   /* Invalid compressed file size */
+
         if (sum_calculated != headersum) {
                 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
                     "LHa header sum error");
author	Martin Matuska <martin@matuska.org>
	Thu, 19 Jan 2017 21:00:18 +0000 (22:00 +0100)
committer	Martin Matuska <martin@matuska.org>
	Thu, 19 Jan 2017 21:00:18 +0000 (22:00 +0100)