lzmainfo: Avoid integer overflow #144

Closed
wants to merge 1 commit into from

stoeckmann
Contributor

The MB output can overflow with huge numbers. Most likely these are invalid lzma files anyway, but let's avoid garbage output.

Proof of Concept:

  1. Create an lzma file with huge values
     base64 -d <<< AP/////+/////////w== > poc.lzma
  2. Run lzmainfo
     lzmainfo poc.lzma

You can see this output:

poc.lzma
Uncompressed size:             0 MB (18446744073709551614 bytes)
Dictionary size:               0 MB (2^31 bytes)
Literal context bits (lc):     0
Literal pos bits (lp):         0
Number of pos bits (pb):       0

Clearly these MB values are wrong.

@Larhzu
Member

Larhzu commented Sep 16, 2024

Thanks! The relevant code goes back to early LZMA Utils from 2005, so the bug is over 19 years old. This has to be the oldest bug that has been reported.

The lowest bits get ignored so could it be simplified? (bytes / 1024 + 512) / 1024

The MB output can overflow with huge numbers. Most likely these are
invalid lzma files anyway, but let's avoid garbage output.

Co-authored-by: Lasse Collin <[email protected]>
@stoeckmann
Contributor Author

> The lowest bits get ignored so could it be simplified? (bytes / 1024 + 512) / 1024

That makes the calculation much easier! At least if my memories of school's math classes are still correct. :)

@Larhzu Larhzu closed this in 76cfd0a Sep 16, 2024
@Larhzu
Member

Larhzu commented Sep 16, 2024

Thanks!

Larhzu pushed a commit that referenced this pull request Sep 18, 2024
The MB output can overflow with huge numbers. Most likely these are
invalid .lzma files anyway, but let's avoid garbage output.

lzmadec was adapted from LZMA Utils. The original code with this bug
was written in 2005, over 19 years ago.

Co-authored-by: Lasse Collin <[email protected]>
Closes: #144
(cherry picked from commit 76cfd0a)
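
The overflow and the divide-first rewrite discussed in this thread, as an added C example (not code from the pull request or the project): it reads the two size fields from the PoC's 13-byte .lzma header and compares a naive round-to-nearest MB expression with `(bytes / 1024 + 512) / 1024`. The naive form is an assumption about the pre-fix code, which the page does not show; the header bytes are the decoded PoC string and all function names are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the 13 bytes the PoC's base64 string decodes to.
 * Layout of a .lzma header: props byte, 32-bit dictionary size,
 * 64-bit uncompressed size (both little-endian). */
static const uint8_t poc_header[13] = {
    0x00, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};

/* Read an n-byte little-endian integer (n <= 8). */
static uint64_t read_le(const uint8_t *p, unsigned n)
{
    uint64_t v = 0;
    for (unsigned i = 0; i < n; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Assumed pre-fix form: adding half a MiB first wraps around when the
 * value is close to the maximum of its unsigned type. */
static uint64_t mb_naive64(uint64_t bytes) { return (bytes + 512 * 1024) / (1024 * 1024); }
static uint32_t mb_naive32(uint32_t bytes) { return (bytes + 512 * 1024) / (1024 * 1024); }

/* Form suggested in the thread: divide first, so the addition cannot wrap.
 * The low 10 bits never affect the rounded result, so for values that do
 * not overflow this returns the same number as the naive form. */
static uint64_t mb_safe(uint64_t bytes) { return (bytes / 1024 + 512) / 1024; }

static uint32_t poc_dict_size(void) { return (uint32_t)read_le(poc_header + 1, 4); }
static uint64_t poc_uncompressed_size(void) { return read_le(poc_header + 5, 8); }

int main(void)
{
    uint64_t size = poc_uncompressed_size();
    uint32_t dict = poc_dict_size();
    printf("Uncompressed size: naive %" PRIu64 " MB, safe %" PRIu64
           " MB (%" PRIu64 " bytes)\n", mb_naive64(size), mb_safe(size), size);
    printf("Dictionary size:   naive %" PRIu32 " MB, safe %" PRIu64
           " MB (%" PRIu32 " bytes)\n", mb_naive32(dict), mb_safe(dict), dict);
    return 0;
}
```
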