oss-sec mailing list archives

Re: Integer overflow in libtar (<= 1.2.19)


From: Chris Palmer <snackypants () gmail com>
Date: Wed, 9 Oct 2013 22:43:47 -0700

On Wed, Oct 9, 2013 at 9:36 PM, Huzaifa Sidhpurwala <huzaifas () redhat com> wrote:

http://repo.or.cz/w/libtar.git/commit/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04

I haven't read all the ultimate callees, but it might be that some
internal/external APIs should change too. If these:

/* macros for reading/writing tarchive blocks */
#define tar_block_read(t, buf) \
    (*((t)->type->readfunc))((t)->fd, (char *)(buf), T_BLOCKSIZE)
#define tar_block_write(t, buf) \
    (*((t)->type->writefunc))((t)->fd, (char *)(buf), T_BLOCKSIZE)

boil down to functions that implement the same interface as read(2)
and write(2), and it sure seems like it, then the |int i| in this:

 int
 th_read(TAR *t)
 {
-       int i, j;
-       size_t sz;
+       int i;
+       size_t sz, j, blocks;
        char *ptr;
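Review bot: `i` stays `int` on the `+       int i;` line while `j`, `sz` and `blocks` move to `size_t`. If `i` receives the return value of tar_block_read, whose readfunc follows the read(2) convention of returning a byte count or -1, it should be `ssize_t` so that neither the -1 error value nor a count above INT_MAX is mangled by the narrower type; the same applies to the declared return type of readfunc itself. Since `j` changes sign here, it is also worth checking the later comparisons and assignments between `i` and `j` that this hunk does not show: a negative `int` compared against a `size_t` is promoted to a very large unsigned value.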

— and the callees, and their declared interfaces — should use ssize_t, not int.
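To make the type point concrete, here is an added example (not libtar's code, and not from either poster) of a block reader built on a read(2)-shaped callback, keeping every byte count in ssize_t or size_t rather than int, and computing the rounded-up block count without the overflow that the naive `(sz + T_BLOCKSIZE - 1) / T_BLOCKSIZE` form hits near SIZE_MAX. The names readfunc_t, memfd, mem_read, block_read, blocks_for and padded_size are assumptions, and the in-memory "file" is constructed so the example runs offline.

```c
/* Added example, not libtar's code. readfunc_t, memfd, block_read,
 * blocks_for and padded_size are hypothetical names for illustration. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define T_BLOCKSIZE 512

/* Same contract as read(2): bytes read, 0 at EOF, -1 with errno on error. */
typedef ssize_t (*readfunc_t)(int fd, void *buf, size_t count);

/* Constructed in-memory "file" so the example runs without real I/O. */
struct memfd {
    const unsigned char *data;
    size_t len, pos;
    size_t max_chunk;  /* cap per call, to force short reads */
    long fail_at;      /* offset at which reads start failing, -1 = never */
};
static struct memfd g_fds[4];

static void memfd_init(int fd, const unsigned char *data, size_t len,
                       size_t max_chunk, long fail_at)
{
    struct memfd m = { data, len, 0, max_chunk, fail_at };
    g_fds[fd] = m;
}

/* read(2) look-alike over g_fds; plays the role of the readfunc slot. */
static ssize_t mem_read(int fd, void *buf, size_t count)
{
    struct memfd *m = &g_fds[fd];
    if (m->fail_at >= 0 && m->pos >= (size_t)m->fail_at) {
        errno = EIO;
        return -1;
    }
    size_t n = m->len - m->pos;
    if (n > count) n = count;
    if (n > m->max_chunk) n = m->max_chunk;
    memcpy(buf, m->data + m->pos, n);
    m->pos += n;
    return (ssize_t)n;
}

/* Fill one T_BLOCKSIZE block, retrying short reads. Returns T_BLOCKSIZE on
 * success, fewer bytes if EOF came first (0 on clean EOF), -1 on error.
 * No count ever passes through an int, so -1 and large counts survive. */
static ssize_t block_read(readfunc_t rf, int fd, unsigned char *buf)
{
    size_t got = 0;
    while (got < T_BLOCKSIZE) {
        ssize_t n = rf(fd, buf + got, T_BLOCKSIZE - got);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (n == 0) break;  /* EOF */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Blocks needed for sz bytes, rounded up; cannot overflow for any size_t. */
static size_t blocks_for(size_t sz)
{
    return sz / T_BLOCKSIZE + (sz % T_BLOCKSIZE ? 1 : 0);
}

/* Padded byte length for sz bytes. Returns SIZE_MAX (never a multiple of
 * T_BLOCKSIZE, so unambiguous) if blocks * T_BLOCKSIZE would overflow. */
static size_t padded_size(size_t sz)
{
    size_t blocks = blocks_for(sz);
    if (blocks > SIZE_MAX / T_BLOCKSIZE) return SIZE_MAX;
    return blocks * T_BLOCKSIZE;
}

/* Runs the reader over constructed inputs; returns 0 if every case behaved. */
static int run_demo(void)
{
    static unsigned char data[1024];
    unsigned char blk[T_BLOCKSIZE];
    int bad = 0;
    for (size_t i = 0; i < sizeof data; i++) data[i] = (unsigned char)i;

    memfd_init(0, data, 1024, 100, -1);          /* short reads, two full blocks */
    bad += block_read(mem_read, 0, blk) != T_BLOCKSIZE;
    bad += block_read(mem_read, 0, blk) != T_BLOCKSIZE;
    bad += blk[0] != (unsigned char)512;         /* second block starts at 512 */
    bad += block_read(mem_read, 0, blk) != 0;    /* clean EOF */

    memfd_init(1, data, 700, T_BLOCKSIZE, -1);   /* trailing partial block */
    bad += block_read(mem_read, 1, blk) != T_BLOCKSIZE;
    bad += block_read(mem_read, 1, blk) != 188;

    memfd_init(2, data, 1024, 100, 300);         /* I/O error mid-block */
    bad += block_read(mem_read, 2, blk) != -1;
    return bad;
}

int main(void)
{
    printf("demo: %s\n", run_demo() == 0 ? "ok" : "FAILED");
    return 0;
}
```

The callback type is the important part: because readfunc_t returns ssize_t, block_read can distinguish -1 from a real count with a plain `n < 0` test, and the accumulated `got` is size_t so it can never go negative or wrap before the comparison against T_BLOCKSIZE.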
