From owner-svn-src-all@FreeBSD.ORG Sat Mar 23 21:34:11 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 43315C9E; Sat, 23 Mar 2013 21:34:11 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 3589BA2A; Sat, 23 Mar 2013 21:34:11 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r2NLYBwV092760; Sat, 23 Mar 2013 21:34:11 GMT (envelope-from mm@svn.freebsd.org) Received: (from mm@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r2NLYBcs092759; Sat, 23 Mar 2013 21:34:11 GMT (envelope-from mm@svn.freebsd.org) Message-Id: <201303232134.r2NLYBcs092759@svn.freebsd.org> From: Martin Matuska Date: Sat, 23 Mar 2013 21:34:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r248664 - head/contrib/libarchive/libarchive X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Mar 2013 21:34:11 -0000 Author: mm Date: Sat Mar 23 21:34:10 2013 New Revision: 248664 URL: http://svnweb.freebsd.org/changeset/base/248664 Log: Merge bugfix from vendor master branch: Limit write requests to at most INT_MAX. This prevents a certain common programming error (passing -1 to write) from leading to other problems deeper in the library. References: https://github.com/libarchive/libarchive/commit/22531545514043e0 Reported by: Xin Li Obtained from: libarchive (master branch) Modified: head/contrib/libarchive/libarchive/archive_write.c Modified: head/contrib/libarchive/libarchive/archive_write.c ============================================================================== --- head/contrib/libarchive/libarchive/archive_write.c Sat Mar 23 20:46:47 2013 (r248663) +++ head/contrib/libarchive/libarchive/archive_write.c Sat Mar 23 21:34:10 2013 (r248664) @@ -671,8 +671,13 @@ static ssize_t _archive_write_data(struct archive *_a, const void *buff, size_t s) { struct archive_write *a = (struct archive_write *)_a; + const size_t max_write = INT_MAX; + archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, ARCHIVE_STATE_DATA, "archive_write_data"); + /* In particular, this catches attempts to pass negative values. */ + if (s > max_write) + s = max_write; archive_clear_error(&a->archive); return ((a->format_write_data)(a, buff, s)); }