liblzma: lzma_index_append: Add missing integer overflow check.

The documentation in src/liblzma/api/lzma/index.h suggests that
both the unpadded (compressed) size and the uncompressed size
are checked for overflow, but only the unpadded size was checked.
The uncompressed check is done first since that is more likely to
occur than the unpadded or index field size overflows.
This commit is contained in:
Jia Tan 2022-09-02 20:18:55 +08:00 committed by Lasse Collin
parent 9ac06cb5b8
commit 18d7facd38
1 changed files with 4 additions and 0 deletions

View File

@ -656,6 +656,10 @@ lzma_index_append(lzma_index *i, const lzma_allocator *allocator,
const uint32_t index_list_size_add = lzma_vli_size(unpadded_size) const uint32_t index_list_size_add = lzma_vli_size(unpadded_size)
+ lzma_vli_size(uncompressed_size); + lzma_vli_size(uncompressed_size);
// Check that uncompressed size will not overflow.
if (uncompressed_base + uncompressed_size > LZMA_VLI_MAX)
return LZMA_DATA_ERROR;
// Check that the file size will stay within limits. // Check that the file size will stay within limits.
if (index_file_size(s->node.compressed_base, if (index_file_size(s->node.compressed_base,
compressed_base + unpadded_size, s->record_count + 1, compressed_base + unpadded_size, s->record_count + 1,