Commit 98dcbbf

Fail with negative lha->compsize in lha_read_file_header_1()
Fixes a heap buffer overflow reported in Secunia SA74169
1 parent 42f7080 commit 98dcbbf

1 file changed

+3
-0
lines changed

Diff for: libarchive/archive_read_support_format_lha.c

@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
924924
/* Get a real compressed file size. */
925925
lha->compsize -= extdsize - 2;
926926

927+
if (lha->compsize < 0)
928+
goto invalid; /* Invalid compressed file size */
929+
927930
if (sum_calculated != headersum) {
928931
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
929932
"LHa header sum error");
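
Review bot: The added `if (lha->compsize < 0)` test runs only after `lha->compsize -= extdsize - 2;` has already modified the field, so it is correct only if `lha->compsize` is a signed type and the subtraction of `extdsize - 2` cannot wrap. Neither declaration is visible in this hunk, so please confirm both, or validate before subtracting by rejecting the header when `extdsize - 2` exceeds the current `lha->compsize`. The new `goto invalid` also fires ahead of the `sum_calculated != headersum` comparison, which means a corrupt header now reports the size error rather than "LHa header sum error"; if the checksum diagnosis is preferred for damaged archives, move the size check below it. The commit touches a single file, so a regression test with a level-1 header whose extended header size exceeds the compressed size would be a useful follow-up.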
