Fix some problems with negative and out-of-range integers.
Original problem reported for HP-UX LVM v2.2 by Michael White in <http://lists.gnu.org/archive/html/bug-tar/2012-10/msg00000.html>. This patch fixes some other gotchas that I noticed. * gnulib.modules: Add extern-inline. * src/common.h: Use _GL_INLINE_HEADER_BEGIN, _GL_INLINE_HEADER_END. (COMMON_INLINE, max, min): New macros. (represent_uintmax, valid_timespec): New inline functions. (SYSINT_BUFSIZE): New constant. (sysinttostr, strtosysint, decode_timespec): New decls. * src/create.c (start_private_header): Silently bring the time_t value into range; it is now the caller's responsibility to deal with any overflow error. Use uid 0 and gid 0 rather than the user's uid/gid, since the faked header isn't "owned" by the user and the uid/gid could in theory be out of range. Leave major and minor zeroed. (FILL): Remove. (write_gnu_long_link): Let start_private_header zero things out. * src/create.c (write_gnu_long_link, write_extended): * src/xheader.c (xheader_write_global): Use start_time, not current time; no point hammering on the clock. * src/compare.c (diff_multivol): Check that offset, size are in range. * src/incremen.c (read_incr_db_01, write_directory_file_entry): Allow negative time_t, dev_t, and ino_t. * src/list.c (max): Remove (moved to common.h). (read_header): Check that size is in range. (from_header): Return intmax_t, not uintmax_t, to allow negative. All callers changed. At compile time, check assumptions about intmax_t and uintmax_t. Use bool for booleans. Avoid overflow hassles on picky hosts. (mode_from_header): Last arg is now bool *, not unsigned *. All callers changed. (simple_print_header): Do not assume UID, GID fit in 'long'. * src/list.c (from_header): * src/xheader.c (out_of_range_header): Arg is now a plain minimum value, not minus minval converted to uintmax_t. All callers changed. * src/misc.c (COMMON_INLINE): New macro. (sysinttostr, strtosysint, decode_timespec): New functions. * src/sparse.c (oldgnu_add_sparse, oldgnu_fixup_header) (star_fixup_header): Check for offset overflow. (decode_num): Clear errno before calling strtoumax. * src/tar.c (expand_pax_option): Don't discard nanoseconds. * src/xheader.c (assign_time_option): Allow negative time_t. (decode_record): Simplify, since out-of-range string is guaranteed to produce a value exceeding len_max. (xheader_read): Last arg is off_t, not size_t. Caller should diagnose negative arg, as needed. Check that it's in range. (enum decode_time_status): Remove. (_decode_time): Remove, folding into decode_time. (decode_time): Return bool, not enum decode_time_status. Rely on decode_timespec to do most of the work. (code_signed_num): New function. (code_num): Use it. (decode_signed_num): New function. (decode_num): Use it. (gid_coder, gid_decoder, uid_coder, uid_decoder, sparse_map_decoder) (sparse_map_decoder): Code and decode negative values. (sparse_map_decoder): Improve check for out-of-range values. * tests/time01.at: New file. * tests/Makefile.am (TESTSUITE_AT): Add it. * tests/testsuite.at: Include it.
This commit is contained in:
Paul Eggert
@@ -12,6 +12,7 @@ configmake
|
||||
dirname
|
||||
error
|
||||
exclude
|
||||
extern-inline
|
||||
exitfail
|
||||
fchmodat
|
||||
fchownat
|
||||
|
||||
Reference in New Issue
Block a user