Hello.
I was going through an LFS patch and comparing to yesterday's CVS
version of cpio.
I can see in file util.c:441 in function
------------------------
copy_files_tape_to_disk (int in_des, int out_des, off_t num_bytes)
{
  long size;
  long k;
------------------------
"k" and "size" are long, but "num_bytes" is off_t.
The size of off_t is 8 when compiled with -D_FILE_OFFSET_BITS=64 and
the size of long is only 4 on a 32-bit arch.
I think the option -D_FILE_OFFSET_BITS=64 is now commonly used to enable LFS.
But I see a few lines below:
--------------------------------
  size = (input_size < num_bytes) ? input_size : num_bytes;
  if (crc_i_flag)
    {
      for (k = 0; k < size; ++k)
--------------------------------
IMHO this could cause an overflow in certain cases.
This issue is also in other functions in that file.
Regards Ladislav.
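
The width mismatch described in the message above, as an added example that is not part of the original message or of the cpio sources. It assumes int32_t stands in for "long" on a 32-bit arch, int64_t for off_t built with -D_FILE_OFFSET_BITS=64, and that input_size is a long; all function and type names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: int32_t stands in for "long" on a 32-bit arch and int64_t for
   off_t built with -D_FILE_OFFSET_BITS=64. All names here are hypothetical. */
typedef int32_t long32;
typedef int64_t off64;

/* What "long x = <off_t value>;" keeps on such a build: the low 32 bits. */
long32 narrow_unchecked(off64 v)
{
    return (long32)(uint32_t)v;
}

/* The quoted expression with a 32-bit "size". input_size is assumed to be a
   long; the comparison itself is carried out in 64 bits. */
long32 chunk_narrow(long32 input_size, off64 num_bytes)
{
    long32 size = narrow_unchecked((input_size < num_bytes) ? input_size : num_bytes);
    return size;
}

/* Same expression with "size" as wide as num_bytes: nothing is lost. */
off64 chunk_wide(long32 input_size, off64 num_bytes)
{
    return (input_size < num_bytes) ? input_size : num_bytes;
}

/* Checked narrowing for places that really need a long. */
bool narrow_checked(off64 v, long32 *out)
{
    if (v < INT32_MIN || v > INT32_MAX)
        return false;
    *out = (long32)v;
    return true;
}

int main(void)
{
    off64 big = 4294967296LL + 100;   /* constructed: 4 GiB + 100 bytes */
    off64 bad = -4294967296LL + 100;  /* constructed: out-of-range negative */
    printf("unchecked(big)=%d\n", (int)narrow_unchecked(big));
    printf("narrow(512,big)=%d wide=%lld\n", (int)chunk_narrow(512, big), (long long)chunk_wide(512, big));
    printf("narrow(512,bad)=%d wide=%lld\n", (int)chunk_narrow(512, bad), (long long)chunk_wide(512, bad));
    return 0;
}
```

With a positive num_bytes the minimum against a long input_size still fits in 32 bits; the upper bits are lost when an off_t value reaches a long without that clamp, or when it is an out-of-range negative.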