WARC reader: skip whitespace and check for first digit in _warc_rdlen()
authorMartin Matuska <martin@matuska.org>
Mon, 6 Feb 2017 02:07:33 +0000 (03:07 +0100)
committerMartin Matuska <martin@matuska.org>
Mon, 6 Feb 2017 02:07:33 +0000 (03:07 +0100)
Fixes possible heap-buffer-overflow.

Reported-By: OSS-Fuzz issue 552

libarchive/archive_read_support_format_warc.c

index 3f150986be5410795b5c338591ac8c80c80d2dcb..5e22438d268b264934cb9f0f855e75bb86a69ff5 100644 (file)
@@ -730,7 +730,12 @@ _warc_rdlen(const char *buf, size_t bsz)
                return -1;
        }
 
-       /* strtol kindly overreads whitespace for us, so use that */
+       /* skip leading whitespace */
+       while (val < eol && isblank(*val))
+               val++;
+       /* there must be at least one digit */
+       if (!isdigit(*val))
+               return -1;
        len = strtol(val, &on, 10);
        if (on != eol) {
                /* line must end here */
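Review bot: The two added ctype calls, `isblank(*val)` and `isdigit(*val)`, pass a plain `char`, which is undefined behaviour for bytes above 0x7f where `char` is signed; since these bytes come from an archive header that may be untrusted, cast first: `while (val < eol && isblank((unsigned char)*val))` and `if (!isdigit((unsigned char)*val))`. The digit check also dereferences `val` when the loop stops at `eol`, which is safe only if `eol` always points inside `buf`; that is set up above the hunk and is not visible here. Within the visible lines the `strtol` result is not checked for `ERANGE`, so an over-long digit run would presumably yield `LONG_MAX` and still pass the `on != eol` test; setting `errno = 0` before the call and testing it afterwards would reject that. `_warc_rdlen` starts before and continues past this hunk.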