| author | Mansour Gashasbi <gashasbi@gmail.com> | 2024年05月19日 09:52:32 -0700 |
|---|---|---|
| committer | R. Bernstein <rocky@gnu.org> | 2024年05月21日 13:45:46 -0400 |
| commit | 455b6982a007f04e1d81d8a1a97e7ca9b0a2e170 (patch) | |
| tree | 816516b0a5e078e6e0232d00e700f64b4886df55 | |
| parent | 7b346798a7f9afc1f1080914741eb24dad58803f (diff) | |
| download | libcdio-455b6982a007f04e1d81d8a1a97e7ca9b0a2e170.tar.gz | |
| -rw-r--r-- | lib/iso9660/iso9660_fs.c | 20 |
diff --git a/lib/iso9660/iso9660_fs.c b/lib/iso9660/iso9660_fs.c index 5cd1f759..4e261044 100644 --- a/lib/iso9660/iso9660_fs.c +++ b/lib/iso9660/iso9660_fs.c @@ -1509,6 +1509,16 @@ iso9660_fs_readdir (CdIo_t *p_cdio, const char psz_path[]) } { + // **Fix for overflow on 32-bit systems** + // + // uint32_t has a limited maximum value, and if p_stat->total_size (the total + // size of the directory) is very large, the calculation might exceed this limit. + + if (p_stat->total_size > SIZE_MAX / ISO_BLOCKSIZE) { + cdio_warn("Total size is too large"); + iso9660_stat_free(p_stat); + return NULL; + } unsigned offset = 0; uint8_t *_dirbuf = NULL; uint32_t blocks = CDIO_EXTENT_BLOCKS(p_stat->total_size); @@ -1606,6 +1616,16 @@ iso9660_ifs_readdir (iso9660_t *p_iso, const char psz_path[]) } { + // **Fix for overflow on 32-bit systems** + // + // uint32_t has a limited maximum value, and if p_stat->total_size (the total + // size of the directory) is very large, the calculation might exceed this limit. + + if (p_stat->total_size > SIZE_MAX / ISO_BLOCKSIZE) { + cdio_warn("Total size is too large"); + iso9660_stat_free(p_stat); + return NULL; + } long int ret; unsigned offset = 0; uint8_t *_dirbuf = NULL; |