Commit e79ef30

Issue #718: Fix TALOS-CAN-152
If a 7-Zip archive declares a ridiculously large number of substreams, it can overflow an internal counter, leading a subsequent memory allocation to be too small for the substream data. Thanks to the Open Source and Threat Intelligence project at Cisco for reporting this issue.
1 parent d85976e commit e79ef30

1 file changed

+3
-0
lines changed

Diff for: libarchive/archive_read_support_format_7zip.c

@@ -2153,6 +2153,9 @@ read_SubStreamsInfo(struct archive_read *a, struct _7z_substream_info *ss,
21532153
return (-1);
21542154
if (UMAX_ENTRY < f[i].numUnpackStreams)
21552155
return (-1);
2156+
if (unpack_streams > SIZE_MAX - UMAX_ENTRY) {
2157+
return (-1);
2158+
}
21562159
unpack_streams += (size_t)f[i].numUnpackStreams;
21572160
}
21582161
if ((p = header_bytes(a, 1)) == NULL)
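
Review bot: The new guard `if (unpack_streams > SIZE_MAX - UMAX_ENTRY)` only stops the running sum in `unpack_streams += (size_t)f[i].numUnpackStreams;` from wrapping; it does not bound the total to a value that stays safe if the count is later multiplied by an element size for the allocation the commit message mentions. That allocation is not in the visible lines, so please confirm it checks the multiplication (or cap the accumulated total here, for example against UMAX_ENTRY, as the per-folder check just above does for `f[i].numUnpackStreams`). Two smaller points: a one-line comment would help explain why the bound uses UMAX_ENTRY rather than the actual `f[i].numUnpackStreams` (it is a valid conservative bound because the preceding check already rejects larger values), and the added `if` uses braces around a single `return (-1);` while the neighbouring checks do not.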
