Merge bugfix from vendor master branch:

Limit write requests to at most INT_MAX. This prevents a certain common programming error (passing -1 to write) from leading to other problems deeper in the library. References: https://github.com/libarchive/libarchive/commit/22531545514043e0 Reported by: Xin Li <delphij@FreeBSD.org> Obtained from: libarchive (master branch)
author: mm <mm@FreeBSD.org> 2013-03-23 21:34:10 +0000
committer: mm <mm@FreeBSD.org> 2013-03-23 21:34:10 +0000
commit: 460d7eef6f3e509e8213335f1055079a604777c2 (patch)
tree: 13dce80b4844a8d33145b3e2c0656fdf5fab04c8
parent: 93bfdfa5b734b802da6b12fbcec9197ef596ae73 (diff)
download: FreeBSD-src-460d7eef6f3e509e8213335f1055079a604777c2.zip
FreeBSD-src-460d7eef6f3e509e8213335f1055079a604777c2.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/contrib/libarchive/libarchive/archive_write.c b/contrib/libarchive/libarchive/archive_write.c
index 62c74d9..9e761ce 100644
--- a/contrib/libarchive/libarchive/archive_write.c
+++ b/contrib/libarchive/libarchive/archive_write.c
@@ -671,8 +671,13 @@ static ssize_t
 _archive_write_data(struct archive *_a, const void *buff, size_t s)
 {
 	struct archive_write *a = (struct archive_write *)_a;
+	const size_t max_write = INT_MAX;
+
 	archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
 	    ARCHIVE_STATE_DATA, "archive_write_data");
+	/* In particular, this catches attempts to pass negative values. */
+	if (s > max_write)
+		s = max_write;
 	archive_clear_error(&a->archive);
 	return ((a->format_write_data)(a, buff, s));
 }
author	mm <mm@FreeBSD.org>	2013-03-23 21:34:10 +0000
committer	mm <mm@FreeBSD.org>	2013-03-23 21:34:10 +0000
commit	460d7eef6f3e509e8213335f1055079a604777c2 (patch)
tree	13dce80b4844a8d33145b3e2c0656fdf5fab04c8
parent	93bfdfa5b734b802da6b12fbcec9197ef596ae73 (diff)
download	FreeBSD-src-460d7eef6f3e509e8213335f1055079a604777c2.zip FreeBSD-src-460d7eef6f3e509e8213335f1055079a604777c2.tar.gz