Fix truncation of size values during 7zip archive extraction on 32bit architectures

diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
index 6ce9d1a0e1bb23a542625892ae7fcf6f45cc0f95..f98566a359850504454728e62054c018361a8104 100644 (file)
--- a/libarchive/archive_read_support_format_7zip.c
+++ b/libarchive/archive_read_support_format_7zip.c
@@ -808,8 +808,12 @@ archive_read_format_7zip_read_data(struct archive_read *a,
        if (zip->end_of_entry)
                return (ARCHIVE_EOF);
 
-       bytes = read_stream(a, buff,
-               (size_t)zip->entry_bytes_remaining, 0);
+       const uint64_t max_read_size = 16 * 1024 * 1024;  // Don't try to read more than 16 MB at a time
+       size_t bytes_to_read = max_read_size;
+       if ((uint64_t)bytes_to_read > zip->entry_bytes_remaining) {
+               bytes_to_read = zip->entry_bytes_remaining;
+       }
+       bytes = read_stream(a, buff, bytes_to_read, 0);
        if (bytes < 0)
                return ((int)bytes);
        if (bytes == 0) {
@@ -3031,10 +3035,10 @@ extract_pack_stream(struct archive_read *a, size_t minimum)
                            "Truncated 7-Zip file body");
                        return (ARCHIVE_FATAL);
                }
-               if (bytes_avail > (ssize_t)zip->pack_stream_inbytes_remaining)
+               if ((uint64_t)bytes_avail > zip->pack_stream_inbytes_remaining)
                        bytes_avail = (ssize_t)zip->pack_stream_inbytes_remaining;
                zip->pack_stream_inbytes_remaining -= bytes_avail;
-               if (bytes_avail > (ssize_t)zip->folder_outbytes_remaining)
+               if ((uint64_t)bytes_avail > zip->folder_outbytes_remaining)
                        bytes_avail = (ssize_t)zip->folder_outbytes_remaining;
                zip->folder_outbytes_remaining -= bytes_avail;
                zip->uncompressed_buffer_bytes_remaining = bytes_avail;