commit: c07a9101354356b531791a29c99f99582962fb9c Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> AuthorDate: Sat Feb 12 16:34:59 2022 +0000 Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> CommitDate: Sat Feb 12 16:34:59 2022 +0000 URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=c07a9101
qtbz2: attempt to fix Coverity taint warning Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org> qtbz2.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/qtbz2.c b/qtbz2.c index 7cc0b37..0f26ac4 100644 --- a/qtbz2.c +++ b/qtbz2.c @@ -1,9 +1,10 @@ /* - * Copyright 2005-2020 Gentoo Foundation + * Copyright 2005-2022 Gentoo Foundation * Distributed under the terms of the GNU General Public License v2 * * Copyright 2005-2010 Ned Ludd - <[email protected]> * Copyright 2005-2014 Mike Frysinger - <[email protected]> + * Copyright 2020- Fabian Groffen - <[email protected]> */ #include "main.h" @@ -199,6 +200,17 @@ tbz2_decompose(int dir_fd, const char *tbz2, const char *tarbz2, const char *xpa /* calculate tarbz2's size */ tarbz2_size = st.st_size - xpak_size - TBZ2_END_LEN; + /* attempt to check xpak_size and tarbz2_size for Coverity's taint + * check CID 248878 */ + if (xpak_size <= 0 || xpak_size >= st.st_size) { + warn("%s: invalid xpak size: %ld", tbz2, xpak_size); + goto close_in_and_ret; + } + if (tarbz2_size <= 0) { + warn("%s: invalid tar size: %ld", tbz2, tarbz2_size); + goto close_in_and_ret; + } + /* reset to the start of the tbz2 */ rewind(in); /* dump the tar.bz2 */
