$OpenBSD: patch-libarchive_archive_write_c,v 1.1 2016/01/30 23:34:44 naddy Exp $

CVE-2013-0211
Commits 2253154
    Limit write requests to at most INT_MAX.
    This prevents a certain common programming error (passing -1 to write)
    from leading to other problems deeper in the library.

--- libarchive/archive_write.c.orig	Mon Jan 14 02:43:45 2013
+++ libarchive/archive_write.c	Sat Jan 30 21:29:06 2016
@@ -671,8 +671,13 @@ static ssize_t
 _archive_write_data(struct archive *_a, const void *buff, size_t s)
 {
 	struct archive_write *a = (struct archive_write *)_a;
+	const size_t max_write = INT_MAX;
+
 	archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
 	    ARCHIVE_STATE_DATA, "archive_write_data");
+	/* In particular, this catches attempts to pass negative values. */
+	if (s > max_write)
+		s = max_write;
 	archive_clear_error(&a->archive);
 	return ((a->format_write_data)(a, buff, s));
 }
