From: Martin Matuska <martin@matuska.org>
Date: Tue, 7 Feb 2017 23:23:08 +0000 (+0100)
Subject: mtree reader: limit the range of nanoseconds (0 to 999999999)
X-Git-Tag: v3.3.0~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3bd0b81a1a06909f766dea8be4072ef81de62b8;p=thirdparty%2Flibarchive.git

mtree reader: limit the range of nanoseconds (0 to 999999999)
Prevents a possible integer overflow in archive_entry_set_mtime()

Reported-By:	OSS-Fuzz issue 538
---

diff --git a/libarchive/archive_read_support_format_mtree.c b/libarchive/archive_read_support_format_mtree.c
index 979a499d1..4231ff500 100644
--- a/libarchive/archive_read_support_format_mtree.c
+++ b/libarchive/archive_read_support_format_mtree.c
@@ -1608,8 +1608,11 @@ parse_keyword(struct archive_read *a, struct mtree *mtree,
 			if (*val == '.') {
 				++val;
 				ns = (long)mtree_atol10(&val);
-			} else
-				ns = 0;
+				if (ns < 0)
+					ns = 0;
+				else if (ns > 999999999)
+					ns = 999999999;
+			}
 			if (m > my_time_t_max)
 				m = my_time_t_max;
 			else if (m < my_time_t_min)