From: Martin Matuška <martin@matuska.de>
Date: Thu, 12 Jun 2025 08:51:45 +0000 (+0200)
Subject: Merge pull request #2668 from stoeckmann/7z_oob
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f0020dcb21f495ef65d4322d301cd57c5495f44a;p=thirdparty%2Flibarchive.git

Merge pull request #2668 from stoeckmann/7z_oob

7zip: Fix out of boundary access
(cherry picked from commit 9bdc5b82f7b98c9fa0c499268341be2aaf1f699e)
---

diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
index f273f84be..846261287 100644
--- a/libarchive/archive_read_support_format_7zip.c
+++ b/libarchive/archive_read_support_format_7zip.c
@@ -80,7 +80,7 @@
 /*
  * ELF format
  */
-#define ELF_HDR_MIN_LEN 0x34
+#define ELF_HDR_MIN_LEN 0x3f
 #define ELF_HDR_EI_CLASS_OFFSET 0x04
 #define ELF_HDR_EI_DATA_OFFSET 0x05
 
@@ -811,6 +811,8 @@ find_elf_data_sec(struct archive_read *a)
 			strtab_size = (*dec32)(
 			    h + e_shstrndx * e_shentsize + 0x14);
 		}
+		if (strtab_size < 6 || strtab_size > SIZE_MAX)
+			break;
 
 		/*
 		 * Read the STRTAB section to find the .data offset