From 93b11caed8b7e23081d3247b182fbc1b86a120f9 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <stoeckmann@users.noreply.github.com>
Date: Mon, 29 Apr 2024 22:06:30 +0200
Subject: [PATCH] lha: Do not allow negative file sizes (#2155)

Files sizes cannot be negative, so abort lha processing if archive
claims otherwise.
---
 libarchive/archive_read_support_format_lha.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
index 4d6290ac3..ae5a1d7d6 100644
--- a/libarchive/archive_read_support_format_lha.c
+++ b/libarchive/archive_read_support_format_lha.c
@@ -1347,6 +1347,8 @@ lha_read_file_extended_header(struct archive_read *a, struct lha *lha,
 				lha->compsize = archive_le64dec(extdheader);
 				extdheader += sizeof(uint64_t);
 				lha->origsize = archive_le64dec(extdheader);
+				if (lha->compsize < 0 || lha->origsize < 0)
+					goto invalid;
 			}
 			break;
 		case EXT_CODEPAGE:
-- 
2.47.2