From a6375472a41af7f1521369d0c22a858d7051ab18 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Sat, 28 Oct 2017 10:59:55 +0200
Subject: Prevent overflow in Installed-Size (and Size) in apt show

Installed-Size for linux-image-4.13.0-1-amd64-dbg and friends
are larger than 4 GB, but read as a signed integer - that's
fine so far, as the value is in KB, but it's multiplied with
1024 which overflows. So let's read it as unsigned long long
instead.

While we're at it, also use unsigned long long for Size, in
case that is bigger than 2 GB.
---
 apt-private/private-show.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'apt-private')

diff --git a/apt-private/private-show.cc b/apt-private/private-show.cc
index 3cc6a5b87..1baf7990a 100644
--- a/apt-private/private-show.cc
+++ b/apt-private/private-show.cc
@@ -185,12 +185,12 @@ static bool DisplayRecordV2(pkgCacheFile &CacheFile, pkgCache::VerIterator const
    // make size nice
    std::string installed_size;
    if (Tags.FindI("Installed-Size") > 0)
-      strprintf(installed_size, "%sB", SizeToStr(Tags.FindI("Installed-Size")*1024).c_str());
+      strprintf(installed_size, "%sB", SizeToStr(Tags.FindULL("Installed-Size") * 1024).c_str());
    else
       installed_size = _("unknown");
    std::string package_size;
    if (Tags.FindI("Size") > 0)
-      strprintf(package_size, "%sB", SizeToStr(Tags.FindI("Size")).c_str());
+      strprintf(package_size, "%sB", SizeToStr(Tags.FindULL("Size")).c_str());
    else
       package_size = _("unknown");
 
-- 
cgit v1.2.3