1 files changed, 37 insertions, 0 deletions

diff --git a/main/libarchive/CVE-2016-5844.patch b/main/libarchive/CVE-2016-5844.patch
new file mode 100644
index 0000000000..ab7f649ef8
--- /dev/null
+++ b/main/libarchive/CVE-2016-5844.patch
@@ -0,0 +1,37 @@
+From 3ad08e01b4d253c66ae56414886089684155af22 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle <kientzle@acm.org>
+Date: Sun, 19 Jun 2016 14:34:37 -0700
+Subject: [PATCH] Issue 717:  Fix integer overflow when computing location of
+ volume descriptor
+
+The multiplication here defaulted to 'int' but calculations
+of file positions should always use int64_t.  A simple cast
+suffices to fix this since the base location is always 32 bits
+for ISO, so multiplying by the sector size will never overflow
+a 64-bit integer.
+---
+ libarchive/archive_read_support_format_iso9660.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
+index 6934cee..f41ba38 100644
+--- a/libarchive/archive_read_support_format_iso9660.c
++++ b/libarchive/archive_read_support_format_iso9660.c
+@@ -1091,7 +1091,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660)
+ 		/* This condition is unlikely; by way of caution. */
+ 		vd = &(iso9660->joliet);
+ 
+-	skipsize = LOGICAL_BLOCK_SIZE * vd->location;
++	skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location;
+ 	skipsize = __archive_read_consume(a, skipsize);
+ 	if (skipsize < 0)
+ 		return ((int)skipsize);
+@@ -1129,7 +1129,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660)
+ 	    && iso9660->seenJoliet) {
+ 		/* Switch reading data from primary to joliet. */
+ 		vd = &(iso9660->joliet);
+-		skipsize = LOGICAL_BLOCK_SIZE * vd->location;
++		skipsize = LOGICAL_BLOCK_SIZE * (int64_t)vd->location;
+ 		skipsize -= iso9660->current_position;
+ 		skipsize = __archive_read_consume(a, skipsize);
+ 		if (skipsize < 0)