From: Tobias Stoeckmann Date: Fri, 9 May 2025 11:31:00 +0000 (+0200) Subject: rar: Fix rar_read_ahead call stack overflow (#2592) X-Git-Tag: v3.8.0~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2b8db0f82d9b6f5a583cac973e98197e7ecee9a4;p=thirdparty%2Flibarchive.git rar: Fix rar_read_ahead call stack overflow (#2592) It is possible to trigger a call stack overflow by repeatedly entering the rar_read_ahead function. In normal circumstances, this recursion is optimized away by common compilers, but default settings with MSVC keep the recursion in place. Explicitly turn the recursion into a goto-loop to avoid the overflow even with no compiler optimizations. Signed-off-by: Tobias Stoeckmann
---
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index d3b91b1fb..8730f0771 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3186,8 +3186,12 @@ static const void *
 rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
 {
 struct rar *rar = (struct rar *)(a->format->data);
- const void *h = __archive_read_ahead(a, min, avail);
+ const void *h;
 int ret;
+
+again:
+ h = __archive_read_ahead(a, min, avail);
+
 if (avail)
 {
 if (a->archive.read_data_is_posix_read && *avail > (ssize_t)a->archive.read_data_requested)
@@ -3209,7 +3213,7 @@ rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
 rar->filename_must_match = 0;
 if (ret != (ARCHIVE_OK))
 return NULL;
- return rar_read_ahead(a, min, avail);
+ goto again;
 }
 }
 return h;
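Review bot: The `again:` label added in the first hunk has no comment explaining why the retry is a backward jump rather than a call. A later cleanup could therefore fold it back into `return rar_read_ahead(a, min, avail);` and bring back the stack growth on builds that keep the tail call. I would put a comment directly above the label, for example `/* Retry in place after reading the next header; recursing here overflowed the call stack on non-optimizing builds. */`. The function body continues past the end of this hunk.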
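Review bot: The `goto again;` in the second hunk is taken every time the preceding header read leaves `ret == ARCHIVE_OK`, and nothing visible here bounds the number of passes. With the stack limit gone, termination rests entirely on each pass consuming input. That is presumably true because a header is parsed per pass, but the code that decides it lies outside the hunk, so it should be confirmed that a pass cannot complete without making progress. I would then record the invariant next to the jump, e.g. `/* each pass consumes one header, so this ends at end of input */`. The diff shown touches only this file, so if no regression test exists elsewhere, one run against an unoptimized build would be worth adding.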