From: Martin Matuska Date: Tue, 7 May 2019 22:22:52 +0000 (+0200) Subject: RAR5 reader: verify that buffer is initialized in copy_string() X-Git-Tag: v3.4.0~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ee645d6bbfa5d1ad769865a262fd95b398919e08;p=thirdparty%2Flibarchive.git RAR5 reader: verify that buffer is initialized in copy_string() Fixes broken test_read_format_rar5_invalid_dict_reference on OmniOS --- diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c index 87a8c611d..06b340f8d 100644 --- a/libarchive/archive_read_support_format_rar5.c +++ b/libarchive/archive_read_support_format_rar5.c @@ -2750,6 +2750,9 @@ static int copy_string(struct archive_read* a, int len, int dist) { rar->cstate.solid_offset; int i; + if (rar->cstate.window_buf == NULL) + return ARCHIVE_FATAL; + /* The unpacker spends most of the time in this function. It would be * a good idea to introduce some optimizations here. *
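Review bot: the new `if (rar->cstate.window_buf == NULL) return ARCHIVE_FATAL;` guard at the top of copy_string() returns a fatal status without recording an error message, so the caller gets ARCHIVE_FATAL with nothing that says the window buffer was never allocated. Consider calling archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ...) with a short description before the return. The guard also sits directly above the comment noting that the unpacker spends most of its time in this function. The branch is cheap, but a one-line comment saying how window_buf can still be NULL at this point would help, since the commit message names only the failing test (test_read_format_rar5_invalid_dict_reference on OmniOS) and not the cause. It is also worth confirming that every caller of copy_string() checks its return value, which this hunk does not show.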