On Wed, 2011-10-19 at 14:09 +0200, ext Denys Vlasenko wrote:
> On Wed, Oct 19, 2011 at 10:11 AM, Alexey Fomenko
> <[email protected]> wrote:
> > Hello.
> >
> > archival/libarchive/get_header_tar.c:
> > GET_OCTAL(a) sends to getOctal(a, strlen(a)). Afterwards getOctal terminates
> > argument string outside of array bounds.
>
> This is intended. The fields in tar header, if the value is sufficiently large,
> may end up being not terminated at all:
>
> typedef struct tar_header_t {     /* byte offset */
>         char name[NAME_SIZE];     /*   0-99 */
>         char mode[8];             /* 100-107 */
>         char uid[8];              /* 108-115 */
>         char gid[8];              /* 116-123 */
>         char size[12];            /* 124-135 */
>         char mtime[12];           /* 136-147 */
>
> For example, if size is 100000000000 (octal) or more (8+ Gb),
> then size[] and mtime[] fields will look like this:
>
> "1000000000001234567..."
>
> where "1234567..." is mtime.
>
> That's why we do field[sizeof(field)] = '\0' before parsing it
> - we place NUL _after_ the field.
>

Ah, I see. Thanks for the explanation.
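A bounded way to read such a field, as an added example (not BusyBox code and not from this thread): instead of placing a NUL after the field in the header buffer, `parse_octal_field` stops at the field's length and writes nothing. The two-field struct, the sample values and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: only the two adjacent fields from the quoted header. */
struct two_fields {
    char size[12];   /* 124-135 */
    char mtime[12];  /* 136-147 */
};

/* size[] uses all 12 bytes (octal 100000000000 = 8 GiB), so it has no NUL. */
static void make_sample(struct two_fields *h)
{
    memcpy(h->size, "100000000000", 12);
    memcpy(h->mtime, "12345670000", 12);  /* 11 digits + NUL */
}

/* Treats size[] as a C string, so the parse runs on into mtime[]. */
static unsigned long long parse_as_c_string(const struct two_fields *h)
{
    return strtoull((const char *)h, NULL, 8);  /* size[] is the first member */
}

/* Reads at most len bytes, writes nothing; 0 on success, -1 if malformed. */
static int parse_octal_field(const char *f, size_t len, unsigned long long *out)
{
    unsigned long long v = 0;
    size_t i = 0, start;
    while (i < len && f[i] == ' ') i++;       /* leading space padding */
    for (start = i; i < len && f[i] >= '0' && f[i] <= '7'; i++) {
        if (v >> 61) return -1;               /* next shift would overflow */
        v = (v << 3) | (unsigned)(f[i] - '0');
    }
    if (i == start) return -1;                /* no digits at all */
    for (; i < len; i++)                      /* only NUL/space may follow */
        if (f[i] != '\0' && f[i] != ' ') return -1;
    *out = v;
    return 0;
}

int main(void)
{
    struct two_fields h;
    unsigned long long v = 0;
    make_sample(&h);
    int rc = parse_octal_field(h.size, sizeof h.size, &v);
    printf("as C string: %llu\nbounded (rc=%d): %llu\n", parse_as_c_string(&h), rc, v);
    return 0;
}
```

On the constructed sample the C-string parse consumes the mtime digits as part of the size, while the bounded parse returns the 8 GiB value and leaves the buffer untouched.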
