Prevented possible overflow of struct elto_img_par.extract_size
parent
4fe385baed
commit
ffaa15ed53
@ -1810,7 +1810,8 @@ static int Xorriso_scan_report_lines(struct XorrisO *xorriso,
|
|||||||
char *cat_path= "";
|
char *cat_path= "";
|
||||||
struct elto_img_par *et_imgs= NULL;
|
struct elto_img_par *et_imgs= NULL;
|
||||||
int elto_count= 0;
|
int elto_count= 0;
|
||||||
uint32_t mbr_parts_end= 0, extract_size;
|
uint32_t mbr_parts_end= 0;
|
||||||
|
off_t extract_size;
|
||||||
struct FindjoB *job= NULL;
|
struct FindjoB *job= NULL;
|
||||||
struct stat dir_stbuf;
|
struct stat dir_stbuf;
|
||||||
IsoImage *image;
|
IsoImage *image;
|
||||||
@ -2050,8 +2051,17 @@ static int Xorriso_scan_report_lines(struct XorrisO *xorriso,
|
|||||||
et_imgs[idx].path= textpt;
|
et_imgs[idx].path= textpt;
|
||||||
ret= Xorriso_iso_lstat(xorriso, et_imgs[idx].path, &dir_stbuf, 0);
|
ret= Xorriso_iso_lstat(xorriso, et_imgs[idx].path, &dir_stbuf, 0);
|
||||||
if(ret == 0) {
|
if(ret == 0) {
|
||||||
extract_size = (dir_stbuf.st_size + 2047) / 2048;
|
extract_size = (dir_stbuf.st_size + (off_t) 2047) / (off_t) 2048;
|
||||||
if(extract_size > et_imgs[idx].extract_size)
|
if(extract_size > (off_t) 0xffffffff) {
|
||||||
|
if(!(flag & 5)) {
|
||||||
|
sprintf(xorriso->info_text,
|
||||||
|
"Boot image size exceeds limit of 32-bit block count: ");
|
||||||
|
Text_shellsafe(et_imgs[idx].path, xorriso->info_text, 1);
|
||||||
|
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "SORRY", 0);
|
||||||
|
}
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if(extract_size > (off_t) et_imgs[idx].extract_size)
|
||||||
et_imgs[idx].extract_size= extract_size;
|
et_imgs[idx].extract_size= extract_size;
|
||||||
}
|
}
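Review bot: The new limit check `if(extract_size > (off_t) 0xffffffff) {` only works if off_t is wider than 32 bits. On a build where off_t is a 32-bit signed type, the cast gives an implementation-defined value (typically -1), so the comparison would be true for every boot image and each one would be reported as too large and skipped. Comparing in a fixed-width unsigned type removes that dependency, for example `if((uint64_t) extract_size > (uint64_t) 0xffffffff) {`, or the file could assert the off_t width at compile time if a 64-bit off_t is a build requirement. Separately, the `continue` runs after `et_imgs[idx].path` has already been set and skips whatever follows in the enclosing loop, which is not visible here, so it is worth confirming that later users of et_imgs[] tolerate an entry whose extract_size was never updated. Xorriso_scan_report_lines starts and ends outside the shown hunks.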
|
||||||
|
|
||||||
|
@ -1 +1 @@
|
|||||||
#define Xorriso_timestamP "2024.03.28.144046"
|
#define Xorriso_timestamP "2024.04.02.170748"
|
||||||
|