Integer Overflows when Processing Directory Listing
|Reported by:||Bill||Owned by:|
|Component version:||188.8.131.52||Operating system type:||Linux|
|Operating system version:||Ubuntu 18.04.4|
There are integer overflows in enging/directorylistingparser.cpp and interface/remotelistview.cpp, when converting from the string received to int64_t. A number higher than the max of int64_t as the size returned in a directory listing will be improperly parsed and produce nonsensical results, such as a negative file size.
This happens on lines 220, 2644, and 2665 in directorylistingparser and 782 in remotelistview (not an exhaustive list).
Since this value is not used, other than displayed to the user, I do not think this can be exploited, nor crash the program.