On Wed, Oct 19, 2011 at 10:11 AM, Alexey Fomenko
<[email protected]> wrote:
> Hello.
>
> archival/libarchive/get_header_tar.c:
> GET_OCTAL(a) sends to getOctal(a, strlen(a)). Afterwards getOctal terminates
> argument string outside of array bounds.

This is intended. The fields in the tar header, if the value is sufficiently large,
may end up being not terminated at all:

typedef struct tar_header_t {     /* byte offset */
        char name[NAME_SIZE];     /*   0-99 */
        char mode[8];             /* 100-107 */
        char uid[8];              /* 108-115 */
        char gid[8];              /* 116-123 */
        char size[12];            /* 124-135 */
        char mtime[12];           /* 136-147 */

For example, if size is 100000000000 (octal) or more (8+ Gb),
then size[] and mtime[] fields will look like this:

"1000000000001234567..."

where "1234567..." is mtime.

That's why we do field[sizeof(field)] = '\0' before parsing it
- we place NUL _after_ the field.

-- 
vda
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
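
Added example (not part of the original mail and not BusyBox's code): a C sketch over a constructed 512-byte header block, using the size and mtime offsets from the struct quoted above, that compares a naive strtoull() parse with the NUL-after-the-field approach and with a bounded parser that never writes. The function names, the save/restore of the overwritten byte and the sample values are assumptions of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Offsets and widths from the struct quoted in the mail. */
enum { BLOCK = 512, SIZE_OFF = 124, SIZE_LEN = 12, MTIME_OFF = 136, MTIME_LEN = 12 };

/* Constructed sample: the size digits fill all 12 bytes, mtime follows directly. */
static void make_sample(char *block)
{
    memset(block, 0, BLOCK);
    memcpy(block + SIZE_OFF, "100000000000", SIZE_LEN);
    memcpy(block + MTIME_OFF, "12345670123", 11);
}

/* Naive: treats the field as a C string, so parsing runs on into mtime. */
static unsigned long long octal_naive(const char *block, size_t off)
{
    return strtoull(block + off, NULL, 8);
}

/* NUL after the field, as in the mail; save/restore is this sketch's choice. */
static unsigned long long octal_nul_after(char *block, size_t off, size_t len)
{
    char saved = block[off + len];      /* requires off + len < BLOCK */
    block[off + len] = '\0';
    unsigned long long v = strtoull(block + off, NULL, 8);
    block[off + len] = saved;
    return v;
}

/* Bounded alternative: reads at most len bytes and writes nothing. */
static unsigned long long octal_bounded(const char *block, size_t off, size_t len)
{
    unsigned long long v = 0;
    size_t i = 0;
    while (i < len && block[off + i] == ' ') i++;   /* leading spaces allowed */
    for (; i < len && block[off + i] >= '0' && block[off + i] <= '7'; i++)
        v = (v << 3) | (unsigned long long)(block[off + i] - '0');
    return v;
}

int main(void)
{
    char block[BLOCK];
    make_sample(block);
    printf("naive=%llu nul_after=%llu bounded=%llu\n", octal_naive(block, SIZE_OFF),
           octal_nul_after(block, SIZE_OFF, SIZE_LEN), octal_bounded(block, SIZE_OFF, SIZE_LEN));
    return 0;
}
```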
