Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
undefined behaviour in archive_read_support_format_mtree.c #539
When compiling libarchive with the compile flag -fsanitize=undefined (enabling undefined behaviour sanitizer) it'll throw a warning when trying to open any mtree file:
This is the code that's causing this:
What libarchive is trying to do here is calculating the value of TIME_T_MIN/MAX by triggering an overflow.
However overflows in signed values are undefined in C. This code is therefore strictly speaking invalid, the compiler may do whatever it likes in such situations, without any defined outcome.
I haven't come up with an elegant other way to do this yet. Probably the best would be to convince the glibc devs to define TIME_T_MIN/MAX in their headers.
added a commit
May 16, 2015
According to <URL: https://security-tracker.debian.org/tracker/CVE-2015-8931 > this is a security issue with ID CVE-2015-8931 .
URL disappeared, second try: https://security-tracker.debian.org/tracker/CVE-2015-8931