From 3ad08e01b4d253c66ae56414886089684155af22 Mon Sep 17 00:00:00 2001

From: Tim Kientzle <kientzle@acm.org>

Date: Sun, 19 Jun 2016 14:34:37 -0700

Subject: [PATCH] Issue 717:  Fix integer overflow when computing location of

 volume descriptor

The multiplication here defaulted to 'int' but calculations

of file positions should always use int64_t.  A simple cast

suffices to fix this since the base location is always 32 bits

for ISO, so multiplying by the sector size will never overflow

a 64-bit integer.

---

 libarchive/archive_read_support_format_iso9660.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c

index 6934cee..f41ba38 100644

--- a/libarchive/archive_read_support_format_iso9660.c

+++ b/libarchive/archive_read_support_format_iso9660.c

@@ -1091,7 +1091,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660)

 		/* This condition is unlikely; by way of caution. */

 		vd = &(iso9660->joliet);

-	skipsize = LOGICAL_BLOCK_SIZE * vd->location;

+	skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location;

 	skipsize = __archive_read_consume(a, skipsize);

 	if (skipsize < 0)

 		return ((int)skipsize);

@@ -1129,7 +1129,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660)

 	    && iso9660->seenJoliet) {

 		/* Switch reading data from primary to joliet. */

 		vd = &(iso9660->joliet);

-		skipsize = LOGICAL_BLOCK_SIZE * vd->location;

+		skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location;

 		skipsize -= iso9660->current_position;

 		skipsize = __archive_read_consume(a, skipsize);

 		if (skipsize < 0)

-- 

2.7.4