xref: /OK3568_Linux_fs/yocto/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch (revision 4882a59341e53eb6f0b4789bf948001014eff981)
Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/]
CVE: CVE-2018-18384
Signed-off-by: Changqing Li <changqing.li@windriver.com>

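--- unzip60/list.c
+++ unzip60/list.c
@@ -97,7 +97,7 @@ int list_files(__G)    /* return PK-type
 {
     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
 #ifndef WINDLL
-    char sgn, cfactorstr[10];
+    char sgn, cfactorstr[1+10+1+1];	/* <sgn><int>%NUL */
     int longhdr=(uO.vflag>1);
 #endif
     int date_format;
@@ -389,9 +389,9 @@ int list_files(__G)    /* return PK-type
             }
 #else /* !WINDLL */
             if (cfactor == 100)
-                sprintf(cfactorstr, LoadFarString(CompFactor100));
+                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
             else
-                sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
             if (longhdr)
                 Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
                   FmZofft(G.crec.ucsize, "8", "u"), methbuf,
@@ -471,9 +471,9 @@ int list_files(__G)    /* return PK-type
 
 #else /* !WINDLL */
         if (cfactor == 100)
-            sprintf(cfactorstr, LoadFarString(CompFactor100));
+            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
         else
-            sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
         if (longhdr) {
             Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
               FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),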
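Review bot: The resized buffer in the first hunk, `cfactorstr[1+10+1+1]`, budgets ten characters for the integer, which covers only a non-negative 32-bit value; if `cfactor` can ever be negative (its computation lies outside these hunks), `%d` would need an eleventh character for the minus sign. The `snprintf` calls in the hunks at lines 389 and 471 keep that case memory-safe, but they discard the return value, so a truncated ratio would be printed with no indication. Assuming `CompFactorStr` formats `sgn, cfactor` as a character followed by a decimal int, as the new comment suggests, I would size the buffer for the worst case: `char sgn, cfactorstr[1+11+1+1];	/* <sgn><int incl. '-'>%NUL */`. The body of `list_files` starts and ends outside the hunks shown.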