archive/tar: fix numeric overflow issues in readGNUSparseMap0x1 - go - Fork of Go programming language with my patches.

diff options

author	Joe Tsai <joetsai@digital-static.net>	2015-10-01 01:04:24 -0700
committer	Brad Fitzpatrick <bradfitz@golang.org>	2015-10-06 17:49:05 +0000
commit	e4add8d569d3152a461dbdf6e086dd60c8ca6c27 (patch)
tree	82bd7547da45cb82cc9ff16e36d37fbbb0252248 /src/database
parent	281eabe46f638139b8d85d87a359880dc0f8ea81 (diff)
download	go-e4add8d569d3152a461dbdf6e086dd60c8ca6c27.tar.xz

archive/tar: fix numeric overflow issues in readGNUSparseMap0x1

Motivation: * The logic to verify the numEntries can overflow and incorrectly pass, allowing a malicious file to allocate arbitrary memory. * The use of strconv.ParseInt does not set the integer precision to 64bit, causing this code to work incorrectly on 32bit machines. Change-Id: I1b1571a750a84f2dde97cc329ed04fe2342aaa60 Reviewed-on: https://go-review.googlesource.com/15173 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>

Diffstat (limited to 'src/database')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: