lz4: Avoid integer overflow in lz4_filter_read
authorTobias Stoeckmann <tobias@stoeckmann.org>
Thu, 28 May 2026 15:39:41 +0000 (17:39 +0200)
committerTobias Stoeckmann <tobias@stoeckmann.org>
Fri, 29 May 2026 16:02:09 +0000 (18:02 +0200)
Integer promotion stops at unsigned int, thus addition of 4 to a
uint32_t can lead to an integer overflow.

Use int64_t to support all values.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
libarchive/archive_read_support_filter_lz4.c

index acd7f515799774e25ab51a89d769e3aa556c5615..517e73feb5a0026996634392583e66e4ec4d3961 100644 (file)
@@ -408,7 +408,7 @@ lz4_filter_read(struct archive_read_filter *self, const void **p)
                                    "Malformed lz4 data");
                                return (ARCHIVE_FATAL);
                        }
-                       uint32_t skip_bytes = archive_le32dec(read_buf);
+                       int64_t skip_bytes = archive_le32dec(read_buf);
                        __archive_read_filter_consume(self->upstream,
                                4 + skip_bytes);
                } else {
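Review bot: The result of `__archive_read_filter_consume` is still discarded at the call that takes `4 + skip_bytes`, so a skippable frame whose declared length runs past the end of the input is not reported at this point. The length is read straight from the archive, and with the widened type the request can now be just over 4 GiB, so a truncated or crafted file would take exactly this path. If the helper reports a short skip with a negative return, as it appears to elsewhere in libarchive, I would check it here: `if (__archive_read_filter_consume(self->upstream, 4 + skip_bytes) < 0) return (ARCHIVE_FATAL);`. lz4_filter_read starts and continues outside the hunk, so a later check may exist that is not visible here.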