aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--qtbz2.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/qtbz2.c b/qtbz2.c
index 7cc0b37b..0f26ac45 100644
--- a/qtbz2.c
+++ b/qtbz2.c
@@ -1,9 +1,10 @@
/*
- * Copyright 2005-2020 Gentoo Foundation
+ * Copyright 2005-2022 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
*
* Copyright 2005-2010 Ned Ludd - <solar@gentoo.org>
* Copyright 2005-2014 Mike Frysinger - <vapier@gentoo.org>
+ * Copyright 2020- Fabian Groffen - <grobian@gentoo.org>
*/
#include "main.h"
@@ -199,6 +200,17 @@ tbz2_decompose(int dir_fd, const char *tbz2, const char *tarbz2, const char *xpa
/* calculate tarbz2's size */
tarbz2_size = st.st_size - xpak_size - TBZ2_END_LEN;
+ /* attempt to check xpak_size and tarbz2_size for Coverity's taint
+ * check CID 248878 */
+ if (xpak_size <= 0 || xpak_size >= st.st_size) {
+ warn("%s: invalid xpak size: %ld", tbz2, xpak_size);
+ goto close_in_and_ret;
+ }
+ if (tarbz2_size <= 0) {
+ warn("%s: invalid tar size: %ld", tbz2, tarbz2_size);
+ goto close_in_and_ret;
+ }
+
/* reset to the start of the tbz2 */
rewind(in);
/* dump the tar.bz2 */