--- /dev/null
+From 51b4c35bb38b7df4af24de7f103863dd79129b01 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Tue, 27 May 2025 17:09:12 +0200
+Subject: [PATCH] Fix FILE_skip regression
+
+The fseek* family of functions return 0 on success, not the new offset.
+This is only true for lseek.
+
+Fixes https://github.com/libarchive/libarchive/issues/2641
+Fixes dcbf1e0ededa95849f098d154a25876ed5754bcf
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+
+CVE: CVE-2025-5918
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/51b4c35bb38b7df4af24de7f103863dd79129b01]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libarchive/archive_read_open_file.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/libarchive/archive_read_open_file.c b/libarchive/archive_read_open_file.c
+index 6ed18a0c..742923ab 100644
+--- a/libarchive/archive_read_open_file.c
++++ b/libarchive/archive_read_open_file.c
+@@ -132,7 +132,7 @@ FILE_skip(struct archive *a, void *client_data, int64_t request)
+ #else
+ long skip = (long)request;
+ #endif
+- int64_t old_offset, new_offset;
++ int64_t old_offset, new_offset = -1;
+ int skip_bits = sizeof(skip) * 8 - 1;
+
+ (void)a; /* UNUSED */
+@@ -170,11 +170,14 @@ FILE_skip(struct archive *a, void *client_data, int64_t request)
+ #ifdef __ANDROID__
+ new_offset = lseek(fileno(mine->f), skip, SEEK_CUR);
+ #elif HAVE__FSEEKI64
+- new_offset = _fseeki64(mine->f, skip, SEEK_CUR);
++ if (_fseeki64(mine->f, skip, SEEK_CUR) == 0)
++ new_offset = _ftelli64(mine->f);
+ #elif HAVE_FSEEKO
+- new_offset = fseeko(mine->f, skip, SEEK_CUR);
++ if (fseeko(mine->f, skip, SEEK_CUR) == 0)
++ new_offset = ftello(mine->f);
+ #else
+- new_offset = fseek(mine->f, skip, SEEK_CUR);
++ if (fseek(mine->f, skip, SEEK_CUR) == 0)
++ new_offset = ftell(mine->f);
+ #endif
+ if (new_offset >= 0)
+ return (new_offset - old_offset);
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
