overflow-fsize.patch 1.4 KB

  1. t a/list.c b/list.c
  2. index f7359c3..4c3d703 100644
  3. --- a/list.c
  4. +++ b/list.c
  5. @@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */
  6. {
  7. int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
  8. #ifndef WINDLL
  9. - char sgn, cfactorstr[10];
  10. + char sgn, cfactorstr[13];
  11. int longhdr=(uO.vflag>1);
  12. #endif
  13. int date_format;
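Review bot: The new size of `cfactorstr` is a bare `13`, and the write that fills it is outside this hunk, so nothing visible here shows that 13 bytes cover the widest string that can be formatted into it. I would record the bound on the declaration, e.g. `/* sign + decimal digits of cfactor + '%' + NUL; keep in sync with the format that fills this */`, and bound the write at its call site with `sizeof cfactorstr` instead of relying on a hand-counted length staying correct. The second hunk has the same hand-counted pattern: `sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);` fits only if the value never needs more than four hex digits. Neither the declaration of `methbuf` nor the type of `compression_method` is visible here, so that should be confirmed, or the argument masked to 16 bits. `list_files()` begins before and continues past both hunks.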
  14. @@ -339,7 +339,19 @@ int list_files(__G) /* return PK-type error code */
  15. G.crec.compression_method == ENHDEFLATED) {
  16. methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
  17. } else if (methnum >= NUM_METHODS) {
  18. - sprintf(&methbuf[4], "%03u", G.crec.compression_method);
  19. + /* 2013-02-26 SMS.
  20. + * http://sourceforge.net/tracker/?func=detail
  21. + * &aid=2861648&group_id=118012&atid=679786
  22. + * Unexpectedly large compression methods overflow
  23. + * &methbuf[]. Use the old, three-digit decimal format
  24. + * for values which fit. Otherwise, sacrifice the
  25. + * colon, and use four-digit hexadecimal.
  26. + */
  27. + if (G.crec.compression_method <= 999) {
  28. + sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
  29. + } else {
  30. + sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
  31. + }
  32. }
  33. #if 0 /* GRR/Euro: add this? */