ar: detect and error out on 32-bit symbol table overflow
BSD ar currently does not support the /SYM64/ 64-bit symbol table, and previously truncated to 32-bits, silently producing corrupted archives larger than 4GB. Note that this is only a partial fix; additional checks will come. PR: 234454 Reported by: Aijaz Baig, imp MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
This commit is contained in:
parent
311a17259e
commit
699f180198
@ -659,9 +659,13 @@ write_objs(struct bsdar *bsdar)
|
||||
pm_sz = _ARMAG_LEN + (_ARHDR_LEN + s_sz);
|
||||
if (bsdar->as != NULL)
|
||||
pm_sz += _ARHDR_LEN + bsdar->as_sz;
|
||||
for (i = 0; (size_t)i < bsdar->s_cnt; i++)
|
||||
for (i = 0; (size_t)i < bsdar->s_cnt; i++) {
|
||||
if (*(bsdar->s_so + i) > UINT32_MAX - pm_sz)
|
||||
bsdar_errc(bsdar, EX_SOFTWARE, 0,
|
||||
"Symbol table offset overflow");
|
||||
*(bsdar->s_so + i) = htobe32(*(bsdar->s_so + i) +
|
||||
pm_sz);
|
||||
}
|
||||
}
|
||||
|
||||
if ((a = archive_write_new()) == NULL)
|
||||
|
Loading…
Reference in New Issue
Block a user