git.ipfire.org Git - thirdparty/libarchive.git/commit

author	Sergey Bobrenok <bobrofon@gmail.com>
	Sat, 25 Jun 2022 17:12:52 +0000 (20:12 +0300)
committer	Sergey Bobrenok <bobrofon@gmail.com>
	Thu, 30 Jun 2022 05:41:18 +0000 (08:41 +0300)
commit	267cda9f7647fabddb2c1641d23b8be5b56f4172
tree	1524e48c5ce0e2d5e945a0f040cef14f166131f1	tree \| snapshot
parent	1385cd9c5126d9b681b7396ad2f353779ad143ba	commit \| diff

rar5: Fix random initial offset if using archive_read_data_into_fd

archive_read_data_into_fd passes a pointer to an uninitialized
variable as an output 'offset' argument into archive_read_data_block
function, and expects that this variable will always be initialized
inside of it.

Like this:
  size_t size;
  int64_t offset;
  archive_read_data_block(a, &buf, &size, &offset);
  /* some work with offset here */

But rar5 implementation of archive_read_data_block function leaves the
'offset' argument uninitialized in one code path (if file is
compressed and there are no uncompressed pending data blocks).

As a result, archive_read_data_info_fd function is using an
uninitialized variable as an initial offset of an output file. And in
most cases it causes an appending sparse block of a random size at the
beginning of the output file.

libarchive/archive_read_support_format_rar5.c		diff \| blob \| blame \| history
libarchive/test/test_read_format_rar5.c		diff \| blob \| blame \| history