xz-analysis-mirror/src
Jia Tan ae5c07b22a liblzma: Add overflow check for Unpadded size in lzma_index_append().
This was not a security bug since there was no path to overflow
UINT64_MAX in lzma_index_append() or when it calls index_file_size().
The bug was discovered by a failing assert() in vli_ceil4() when called
from index_file_size() when unpadded_sum (the sum of the compressed size
of current Stream and the unpadded_size parameter) exceeds LZMA_VLI_MAX.

Previously, the unpadded_size parameter was checked to be not greater
than UNPADDED_SIZE_MAX, but no check was done once compressed_base was
added.

This could not have caused an integer overflow in index_file_size() when
called by lzma_index_append(). The calculation for file_size breaks down
into the sum of:

- Compressed base from all previous Streams
- 2 * LZMA_STREAM_HEADER_SIZE (size of the current Streams header and
  footer)
- stream_padding (can be set by lzma_index_stream_padding())
- Compressed base from the current Stream
- Unpadded size (parameter to lzma_index_append())

The sum of everything except for Unpadded size must be less than
LZMA_VLI_MAX. This is guarenteed by overflow checks in the functions
that can set these values including lzma_index_stream_padding(),
lzma_index_append(), and lzma_index_cat(). The maximum value for
Unpadded size is enforced by lzma_index_append() to be less than or
equal UNPADDED_SIZE_MAX. Thus, the sum cannot exceed UINT64_MAX since
LZMA_VLI_MAX is half of UINT64_MAX.

Thanks to Joona Kannisto for reporting this.
2023-08-28 23:04:56 +08:00
..
common mythread.h: Fix typo error in Vista threads mythread_once(). 2023-08-08 20:07:59 +08:00
liblzma liblzma: Add overflow check for Unpadded size in lzma_index_append(). 2023-08-28 23:04:56 +08:00
lzmainfo Build: Prepare to support Automake's subdir-objects. 2014-10-29 21:15:35 +02:00
scripts xzdiff: Add support for .lz files. 2022-11-11 13:16:21 +02:00
xz xz: Omit an empty paragraph on the man page. 2023-08-02 17:15:12 +03:00
xzdec Build: Add support for translated man pages using po4a. 2020-02-07 15:32:21 +02:00
Makefile.am Build: Prepare to support Automake's subdir-objects. 2014-10-29 21:15:35 +02:00