13891 – cpio: do not process input files larger than 4 GB

Bug 13891 - cpio: do not process input files larger than 4 GB

Summary: cpio: do not process input files larger than 4 GB

Status:	NEW

Alias:	None

Product:	Busybox
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	1.33.x
Hardware:	All Linux

Importance:	P5 normal
Target Milestone:	---
Assignee:	unassigned

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-07-01 13:58 UTC by Tobias Stoeckmann
Modified:	2021-07-01 13:58 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:

Attachments
cpio.patch (1.00 KB, patch) 2021-07-01 13:58 UTC, Tobias Stoeckmann	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tobias Stoeckmann 2021-07-01 13:58:15 UTC

Created attachment 9026 [details]
cpio.patch

The file size is casted to a 32 bit unsigned data type. If the input
file is 4 GB or larger, the size field is truncated.

If the input file contains cpio headers at the correct position, then
the extraction of such a created cpio archive leads to unexpected
output.