[syslinux] [PATCH] isohybrid: fix overflow on 32 bit system

[Kai Kang]

When call isohybrid with option '-u', it overflows on a 32 bits host. It
seeks to 512 bytes before the end of the image to install gpt header. If
the size of image is larger than LONG_MAX, it overflows fseek() and
cause error:

isohybrid: wrlinux-image-x86-64-20140505110100.iso: seek error - 8: Invalid argument

Check the offset and call fseek() multi-times if offset is too large.

Signed-off-by: Kai Kang <kai.kang at windriver.com>
---
 utils/isohybrid.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/utils/isohybrid.c b/utils/isohybrid.c
index 410bb60..4047287 100644
--- a/utils/isohybrid.c
+++ b/utils/isohybrid.c
@@ -34,6 +34,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <limits.h>
 #include <sys/stat.h>
 #include <inttypes.h>
 #include <uuid/uuid.h>
@@ -888,7 +889,7 @@ main(int argc, char *argv[])
     FILE *fp = NULL;
     uint8_t *buf = NULL, *bufz = NULL;
     int cylsize = 0, frac = 0;
-    size_t orig_gpt_size, free_space, gpt_size;
+    size_t orig_gpt_size, free_space, gpt_size, real_offset;
     struct iso_primary_descriptor descriptor;
 
     prog = strcpy(alloca(strlen(argv[0]) + 1), argv[0]);
@@ -1125,9 +1126,16 @@ main(int argc, char *argv[])
 	 * Seek far enough back that the gpt header is 512 bytes before the
 	 * end of the image
 	 */
+	real_offset = (isostat.st_size + padding) - orig_gpt_size - 512;
 
-	if (fseek(fp, (isostat.st_size + padding) - orig_gpt_size - 512,
-		  SEEK_SET))
+	fseek(fp, 0, SEEK_SET);
+	while (real_offset > LONG_MAX) {
+		if (fseek(fp, LONG_MAX, SEEK_CUR))
+			err(1, "%s: seek error - 8", argv[0]);
+		real_offset -= LONG_MAX;
+	}
+
+	if (fseek(fp, real_offset, SEEK_CUR))
 	    err(1, "%s: seek error - 8", argv[0]);
 
 	if (fwrite(buf, sizeof(char), orig_gpt_size, fp) != orig_gpt_size)
-- 
1.9.1