From 604b607d8ac91eb8afc0b6e3d917d5c073096103 Mon Sep 17 00:00:00 2001
From: Phillip Lougher <phillip@squashfs.org.uk>
Date: Wed, 11 Jun 2014 04:51:37 +0100
Subject: mksquashfs: ensure value does not overflow a signed int in -mem
 option

Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>

diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
index 5370ecf..9676dc8 100644
--- a/squashfs-tools/mksquashfs.c
+++ b/squashfs-tools/mksquashfs.c
@@ -5193,7 +5193,16 @@ print_compressor_options:
 					 argv[0]);
 				exit(1);
 			}
-			/* convert from bytes to Mbytes */
+
+			/*
+			 * convert from bytes to Mbytes, ensuring the value
+			 * does not overflow a signed int
+			 */
+			if(number >= (1LL << 51)) {
+				ERROR("%s: -mem invalid mem size\n", argv[0]);
+				exit(1);
+			}
+
 			total_mem = number / 1048576;
 			if(total_mem < (SQUASHFS_LOWMEM / SQUASHFS_TAKE)) {
 				ERROR("%s: -mem should be %d Mbytes or "
-- 
cgit v0.10.1