lzmainfo: Avoid integer overflow

The MB output can overflow with huge numbers. Most likely these are
invalid .lzma files anyway, but let's avoid garbage output.

lzmadec was adapted from LZMA Utils. The original code with this bug
was written in 2005, over 19 years ago.

Co-authored-by: Lasse Collin <lasse.collin@tukaani.org>
Closes: https://github.com/tukaani-project/xz/pull/144
(cherry picked from commit 76cfd0a9bb33ae8e534b1f73f6359dc825589f2f)

diff --git a/src/lzmainfo/lzmainfo.c b/src/lzmainfo/lzmainfo.c
index 2550b1f1127b96879b4f55f789b2faaa20d2a561..d917f371c3ba7b592d771e469926445a11c73c97 100644 (file)
--- a/src/lzmainfo/lzmainfo.c
+++ b/src/lzmainfo/lzmainfo.c
@@ -149,8 +149,7 @@ lzmainfo(const char *name, FILE *f)
                printf("Unknown");
        else
                printf("%" PRIu64 " MB (%" PRIu64 " bytes)",
-                               (uncompressed_size + 512 * 1024)
-                                       / (1024 * 1024),
+                               (uncompressed_size / 1024 + 512) / 1024,
                                uncompressed_size);
 
        lzma_options_lzma *opt = filter.options;
@@ -160,7 +159,7 @@ lzmainfo(const char *name, FILE *f)
                        "Literal context bits (lc):     %" PRIu32 "\n"
                        "Literal pos bits (lp):         %" PRIu32 "\n"
                        "Number of pos bits (pb):       %" PRIu32 "\n",
-                       (opt->dict_size + 512 * 1024) / (1024 * 1024),
+                       (opt->dict_size / 1024 + 512) / 1024,
                        my_log2(opt->dict_size), opt->lc, opt->lp, opt->pb);
 
        free(opt);