source: https://github.com/openSUSE/libsolv
commit
d85442d05de4f2c33e692f4815dbd06f46e3fdb8 (HEAD)
Author: Dan Nicholson <nicholson@endlessm.com>
Date: Thu Jun 21 11:51:55 2018 -0500
Bump debian control.tar size limit
Increase the arbitrary control.tar limit from 1 MB to 16 MB. We came
across an openjdk-7-jdk package that had a 2.4MB control.tar.gz and
libsolv failed to parse it. dpkg doesn't actually apply a limit to these
files.
Change-Id: I4afa5940de3b667c05939eea4e17a1fca7a7a7ad
fclose(fp);
return 0;
}
+ /* dpkg has no actual maximum size for the control.tar member, so this
+ * just keeps from allocating arbitrarily large amounts of memory.
+ */
clen = atoi((char *)buf + 8 + 60 + vlen + 48);
- if (clen <= 0 || clen >= 0x100000)
+ if (clen <= 0 || clen >= 0x1000000)
{
pool_error(pool, -1, "%s: control.tar has illegal size", deb);
fclose(fp);