fragglet / lhasa

Free Software LHA implementation
http://fragglet.github.io/lhasa/
ISC License

Fix integer overflow in lha_decode_uint32(), lha_decode_be_uint32() #22

Closed jwilk closed 6 years ago

jwilk commented 6 years ago

uint8_t was automatically promoted to int, and then left shift by 24 could overflow it. Add explicit casts to uint32_t to avoid undefined behavior.

fragglet commented 6 years ago

Is this an issue because on some systems, sizeof(int) == 2?

jwilk commented 6 years ago

No, the overflow happens also when sizeof (int) == 4. If buf[0] is ≥ 128, then buf[0] << 24 is ≥ 2147483648, which is greater than INT_MAX.
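The promotion issue discussed in this thread, as an added example that is not lhasa's code or part of the pull request: a check for when the promoted-int shift stays in range, next to decoders that widen each byte to uint32_t before shifting. The names promoted_shift_is_defined, decode_be_u32 and decode_le_u32 and the sample bytes are hypothetical and constructed for illustration.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* A uint8_t operand is promoted to int before <<, so the result type is int. */
_Static_assert(sizeof((uint8_t)1 << 1) == sizeof(int),
               "uint8_t is promoted to int before the shift");

/* Hypothetical helper: returns 1 if (byte << shift), evaluated in promoted
 * int as in the uncast pattern, fits in INT_MAX; 0 if it would be signed
 * overflow (undefined behaviour). The check itself is done in 64 bits. */
int promoted_shift_is_defined(uint8_t byte, unsigned shift)
{
    if (shift >= (unsigned)(sizeof(int) * CHAR_BIT))
        return 0; /* shifting by the width of int or more is also undefined */
    return ((uint64_t)byte << shift) <= (uint64_t)INT_MAX;
}

/* Big-endian decode: each byte is widened to uint32_t before shifting,
 * so the arithmetic is unsigned and 0x80..0xFF in buf[0] is well defined. */
uint32_t decode_be_u32(const uint8_t *buf)
{
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16)
         | ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
}

/* Little-endian decode with the same explicit widening. */
uint32_t decode_le_u32(const uint8_t *buf)
{
    return  (uint32_t)buf[0]        | ((uint32_t)buf[1] << 8)
         | ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
}

int main(void)
{
    /* Constructed sample: top bit set in the first byte. */
    const uint8_t sample[4] = { 0x80, 0x00, 0x00, 0x01 };

    printf("128 << 24 defined as int: %d\n", promoted_shift_is_defined(128, 24));
    printf("127 << 24 defined as int: %d\n", promoted_shift_is_defined(127, 24));
    printf("big-endian:    0x%08" PRIx32 "\n", decode_be_u32(sample));
    printf("little-endian: 0x%08" PRIx32 "\n", decode_le_u32(sample));
    return 0;
}
```

Building the uncast form with -fsanitize=undefined (GCC or Clang) reports the shift at run time when the high byte is 128 or more.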