git.ipfire.org Git - thirdparty/libarchive.git/commit
RAR5 reader: clear 'data ready' cache on window buffer reallocs (#2265)
author Grzegorz Antoniak <antekone@users.noreply.github.com>
Sun, 7 Jul 2024 17:46:42 +0000 (19:46 +0200)
committer GitHub <noreply@github.com>
Sun, 7 Jul 2024 17:46:42 +0000 (19:46 +0200)
commit 6db1836fa6bf8501f907170f6a60da5c5e502913
tree 6ad85ecd1e7279da9fdd0424788eea5bb0332db9
parent 808059a01f28977bdb366723dd8d4ab79fb6b0a0

The RAR5 reader is using a small stack of cached pointers to submit the
rendered data to the caller. In malformed files it's possible for this
pointer cache to be desynchronized with the memory buffer those pointers
are pointing to, making libarchive crash on invalid memory access.

OSS-Fuzz Issue: 70024

Makefile.am
libarchive/archive_read_support_format_rar5.c
libarchive/test/test_read_format_rar5.c
libarchive/test/test_read_format_rar5_data_ready_pointer_leak.rar.uu [new file with mode: 0644]
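
The failure mode the commit message describes, as an added C example that is not libarchive's code: a reader queues pointers into its window buffer and drops them whenever the window is reallocated. The struct names, function names and sizes are hypothetical, and the scenario in the last function is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define READY_SLOTS 2            /* hypothetical size of the pointer stack */

struct ready { const uint8_t *buf; size_t size; int used; };
struct reader {                  /* hypothetical reader state */
    uint8_t *window; size_t window_size;
    struct ready dready[READY_SLOTS];
};

/* Drop every queued block: the pointers are only valid for the current window. */
static void clear_data_ready(struct reader *r) { memset(r->dready, 0, sizeof r->dready); }

/* Queue window[off, off+len) for the caller; -1 if out of range or stack full. */
static int push_data_ready(struct reader *r, size_t off, size_t len) {
    if (r->window == NULL || off > r->window_size || len > r->window_size - off) return -1;
    for (int i = 0; i < READY_SLOTS; i++) {
        if (r->dready[i].used) continue;
        r->dready[i] = (struct ready){ r->window + off, len, 1 };
        return 0;
    }
    return -1;
}

static int pending(const struct reader *r) {
    int n = 0;
    for (int i = 0; i < READY_SLOTS; i++) n += r->dready[i].used;
    return n;
}

/* Resize the window. realloc() may move or free the old block, so the cache
 * is cleared in the same step; skipping that leaves dangling pointers queued. */
static int resize_window(struct reader *r, size_t new_size) {
    if (new_size == 0) return -1;
    uint8_t *p = realloc(r->window, new_size);
    if (p == NULL) return -1;          /* old window and cache stay valid */
    r->window = p; r->window_size = new_size;
    clear_data_ready(r);
    return 0;
}

/* Constructed scenario: returns the entries still queued after a regrow. */
static int demo_pending_after_realloc(void) {
    struct reader r = {0};
    if (resize_window(&r, 64) || push_data_ready(&r, 0, 16) || push_data_ready(&r, 16, 48)) return -1;
    if (pending(&r) != 2 || resize_window(&r, 1u << 20)) return -1;
    int left = pending(&r);
    free(r.window);
    return left;
}

int main(void) { printf("%d\n", demo_pending_after_realloc()); return 0; }
```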