This is the mail archive of the
mailing list for the binutils project.
Re: ar mishandles files bigger than 2GB
On Tue, 3 Jan 2012, Jeffrey Walton wrote:
> > So one of the first problems in handling files bigger than 2GB is that
> > in the BFD library we use a long to write the size as a string to the
> > archive element header. On a 32bit platform this results in a negative
> > or truncated file size even though support for large files is enabled.
> This might have security related implications also.
Besides writing the wrong file size ar mostly works correctly (there are
a number of other places where the wrong type is used to store the file
size but it does not seem to impact the archive generation side).
However anyone can already generate a broken ar archive. So while there
may be security implications on the 'read' side (I did not investigate
this angle), they would already be there for specially crafted invalid
archives smaller than 2GB.
> Are there any CVE associated with it?
Not that I know of.
Francois Gouget <firstname.lastname@example.org>,