On 28.11.2018 18:25, Michał Górny wrote: > arcn->sb.st_gid = (gid_t)asc_u32(hd->gid, sizeof(hd->gid), OCT); > arcn->sb.st_size = (off_t)ASC_OFFT(hd->size, sizeof(hd->size), OCT); > + if (arcn->sb.st_size == -1) > + return -1; > arcn->sb.st_mtime = (time_t)(int32_t)asc_u32(hd->mtime, > sizeof(hd->mtime), OCT); > arcn->sb.st_ctime = arcn->sb.st_atime = arcn->sb.st_mtime; > > @@ -860,6 +862,8 @@ ustar_rd(ARCHD *arcn, char *buf) > arcn->sb.st_mode = (mode_t)(asc_u32(hd->mode, sizeof(hd->mode), OCT) & > 0xfff); > arcn->sb.st_size = (off_t)ASC_OFFT(hd->size, sizeof(hd->size), OCT); > + if (arcn->sb.st_size == -1) > + return -1; > arcn->sb.st_mtime = (time_t)(int32_t)asc_u32(hd->mtime, > sizeof(hd->mtime), OCT); > arcn->sb.st_ctime = arcn->sb.st_atime = arcn->sb.st_mtime; >
I would try to store the result from asc_u32 in a local variable, compare it with UINTMAX_MAX. If all fine, assign it to sb_size with the (off_t) cast. This way we will prevent setting unsigned value and comparing with signed negative. At least it's not fully portable and a little bit cryptic.
signature.asc
Description: OpenPGP digital signature
