]> git.ipfire.org Git - thirdparty/libarchive.git/commitdiff
projects / thirdparty / libarchive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 84f7fd0)
Do something useful for directories by setting the mask to 0.
authorJoerg Sonnenberger <joerg@bec.de>
Mon, 7 Jan 2019 20:34:28 +0000 (21:34 +0100)
committerJoerg Sonnenberger <joerg@bec.de>
Mon, 7 Jan 2019 20:34:28 +0000 (21:34 +0100)
This avoids buffer overflows by always truncating the window correctly.

Reported-By: OSS-Fuzz issue 11011
libarchive/archive_read_support_format_rar5.c patch | blob | blame | history

diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
index 31f9dd530e122b7f61444364c6f25b5ad3b7f1d0..99d8176818cca15fdd7d50e97a725e0f68bc8007 100644 (file)
--- a/libarchive/archive_read_support_format_rar5.c
+++ b/libarchive/archive_read_support_format_rar5.c
@@ -1836,7 +1836,10 @@ static int rar5_read_header(struct archive_read *a,
 
 static void init_unpack(struct rar5* rar) {
     rar->file.calculated_crc32 = 0;
-    rar->cstate.window_mask = rar->cstate.window_size - 1;
+    if (rar->cstate.window_size)
+        rar->cstate.window_mask = rar->cstate.window_size - 1;
+    else
+        rar->cstate.window_mask = 0;
 
     if(rar->cstate.window_buf)
         free(rar->cstate.window_buf);
Mirror of https://github.com/libarchive/libarchive.git