From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Thu, 4 Jun 2026 20:13:45 +0000 (+0200)
Subject: gzip: Fix OOB with huge filenames
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc2ccf30a7e30ef432c33a8b5f281f76d9dbde4e;p=thirdparty%2Flibarchive.git

gzip: Fix OOB with huge filenames

If a filename is larger than INT_MAX, an out of boundary write could
occur on 64 bit systems. Fix data types and ignore such huge file names.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/libarchive/archive_write_add_filter_gzip.c b/libarchive/archive_write_add_filter_gzip.c
index cdf974e07..571927558 100644
--- a/libarchive/archive_write_add_filter_gzip.c
+++ b/libarchive/archive_write_add_filter_gzip.c
@@ -253,9 +253,9 @@ archive_compressor_gzip_open(struct archive_write_filter *f)
 		/* Limit "original filename" to 32k or the
 		 * remaining space in the buffer, whichever is smaller.
 		 */
-		int ofn_length = strlen(data->original_filename);
-		int ofn_max_length = 32768;
-		int ofn_space_available = data->compressed
+		size_t ofn_length = strlen(data->original_filename);
+		size_t ofn_max_length = 32768;
+		size_t ofn_space_available = data->compressed
 			+ data->compressed_buffer_size
 			- data->stream.next_out
 			- 1;