copyout.c:300
char ascii_header[112];
...
sprintf (ascii_header,
         "%6s%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx",
         magic_string,
         file_hdr->c_ino, file_hdr->c_mode, file_hdr->c_uid,
         file_hdr->c_gid, file_hdr->c_nlink, file_hdr->c_mtime,
         file_hdr->c_filesize, file_hdr->c_dev_maj,
         file_hdr->c_dev_min,
         file_hdr->c_rdev_maj, file_hdr->c_rdev_min,
         file_hdr->c_namesize,
         file_hdr->c_chksum);
...
Cpio assumes the filesize is at most 8 digits in size, and that's not the case.
If it's more, this buffer will indeed overflow.
See:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669
_______________________________________________
Bug-cpio mailing list
http://lists.gnu.org/mailman/listinfo/bug-cpio
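
Added example, not part of the original message and not cpio's own code: it measures how many bytes the sprintf format quoted above needs for a given filesize, and shows a bounded formatter that refuses values wider than a field. The struct hdr type, the helper names, the magic value "070701" and the sample values are assumptions made for illustration; unsigned long is assumed to be 64 bits.

```c
#include <stdio.h>

#define HDR_BUF 112  /* sizeof ascii_header in the excerpt */
#define HDR_LEN 110  /* 6-char magic + 13 fields * 8 hex digits */
#define HDR_FMT "%6s%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx"

/* Hypothetical stand-in for cpio's header struct; field names follow the excerpt.
   Assumes unsigned long is 64 bits (LP64), so a value can exceed 8 hex digits. */
struct hdr {
    unsigned long c_ino, c_mode, c_uid, c_gid, c_nlink, c_mtime, c_filesize,
                  c_dev_maj, c_dev_min, c_rdev_maj, c_rdev_min, c_namesize, c_chksum;
};
#define HDR_ARGS(h) (h).c_ino, (h).c_mode, (h).c_uid, (h).c_gid, (h).c_nlink, \
    (h).c_mtime, (h).c_filesize, (h).c_dev_maj, (h).c_dev_min, \
    (h).c_rdev_maj, (h).c_rdev_min, (h).c_namesize, (h).c_chksum

/* Constructed sample header: a regular file of the given size. */
struct hdr sample_hdr(unsigned long filesize)
{
    struct hdr h = {0};
    h.c_mode = 0100644; h.c_nlink = 1; h.c_filesize = filesize; h.c_namesize = 9;
    return h;
}

/* Bytes, including the NUL, that the excerpt's sprintf would store.
   snprintf(NULL, 0, ...) only measures; nothing is written. */
int header_bytes_needed(const char *magic, struct hdr h)
{
    return snprintf(NULL, 0, HDR_FMT, magic, HDR_ARGS(h)) + 1;
}

/* Bounded formatter: 0 on success, -1 if the output was truncated or any
   field grew past its fixed width (which would misalign the header). */
int format_header(char *buf, size_t len, const char *magic, struct hdr h)
{
    int n = snprintf(buf, len, HDR_FMT, magic, HDR_ARGS(h));
    return (n == HDR_LEN && (size_t)n < len) ? 0 : -1;
}

int main(void)
{
    char buf[HDR_BUF];
    unsigned long sizes[] = { 0x1000UL, 0xFFFFFFFFFFFFUL }; /* constructed values */
    for (int i = 0; i < 2; i++) {
        struct hdr h = sample_hdr(sizes[i]);
        printf("filesize=%lx needs %d of %d bytes, format_header=%d\n", sizes[i],
               header_bytes_needed("070701", h), HDR_BUF,
               format_header(buf, sizeof buf, "070701", h));
    }
    return 0;
}
```

A filesize of exactly 9 hex digits still fits in the 112 bytes, but it shifts every later field by one character, which is why format_header checks for the exact length and not only for truncation.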