| Summary: | cpio: do not process input files larger than 4 GB | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | Tobias Stoeckmann <tobias> |
| Component: | Other | Assignee: | unassigned |
| Status: | NEW --- | ||
| Severity: | normal | CC: | busybox-cvs |
| Priority: | P5 | ||
| Version: | 1.33.x | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
| Attachments: | cpio.patch | ||
Created attachment 9026 [details] cpio.patch The file size is casted to a 32 bit unsigned data type. If the input file is 4 GB or larger, the size field is truncated. If the input file contains cpio headers at the correct position, then the extraction of such a created cpio archive leads to unexpected output.