Place a limit on the mtree line length to make fuzzers happy.

Reported-By: OSS-Fuzz issue 2936

diff --git a/libarchive/archive_read_support_format_mtree.c b/libarchive/archive_read_support_format_mtree.c
index 44b6083cb2f26c2dc98119a0b300c7d84d620cea..5af0a1c6699c6c4d22716bff6abca64089a18fb5 100644 (file)
--- a/libarchive/archive_read_support_format_mtree.c
+++ b/libarchive/archive_read_support_format_mtree.c
@@ -77,6 +77,8 @@ __FBSDID("$FreeBSD: head/lib/libarchive/archive_read_support_format_mtree.c 2011
 
 #define        MTREE_HASHTABLE_SIZE 1024
 
+#define        MAX_LINE_LEN            (1024 * 1024)
+
 struct mtree_option {
        struct mtree_option *next;
        char *value;
@@ -334,6 +336,14 @@ next_line(struct archive_read *a,
                size_t nbytes_req = (*ravail+1023) & ~1023U;
                ssize_t tested;
 
+               /*
+                * Place an arbitrary limit on the line length.
+                * mtree is almost free-form input and without line length limits,
+                * it can consume a lot of memory.
+                */
+               if (len >= MAX_LINE_LEN)
+                       return (-1);
+
                /* Increase reading bytes if it is not enough to at least
                 * new two lines. */
                if (nbytes_req < (size_t)*ravail + 160)