From: Pavel Raiskup Date: Fri, 23 Nov 2018 13:08:48 +0000 (+0100) Subject: Fix use-after-free in delayed link processing (newc format) X-Git-Tag: v3.4.0~161^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F1091%2Fhead;p=thirdparty%2Flibarchive.git Fix use-after-free in delayed link processing (newc format) During archiving, if some of the "delayed" hard link entries happened to disappear on filesystem (or become unreadable) for some reason (most probably race), the old code free()d the 'entry' and continued with the loop; the next loop though dereferenced 'entry' and crashed the archiver. Per report from Coverity. --- diff --git a/tar/write.c b/tar/write.c index e15cc06cc..c6e9fccc4 100644 --- a/tar/write.c +++ b/tar/write.c @@ -540,8 +540,7 @@ write_archive(struct archive *a, struct bsdtar *bsdtar) lafe_warnc(archive_errno(disk), "%s", archive_error_string(disk)); bsdtar->return_value = 1; - archive_entry_free(entry); - continue; + goto next_entry; } /* @@ -559,13 +558,13 @@ write_archive(struct archive *a, struct bsdtar *bsdtar) bsdtar->return_value = 1; else archive_read_close(disk); - archive_entry_free(entry); - continue; + goto next_entry; } write_file(bsdtar, a, entry); - archive_entry_free(entry); archive_read_close(disk); +next_entry: + archive_entry_free(entry); entry = NULL; archive_entry_linkify(bsdtar->resolver, &entry, &sparse_entry); }
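Review bot: In the first hunk (@@ -540), the new `goto next_entry;` lands after `archive_read_close(disk);`, so this error path frees `entry` without ever closing `disk`. The removed `archive_entry_free(entry); continue;` did not close it either, so behaviour is unchanged. If this is the branch where opening `disk` failed, nothing needs closing, and a short comment here saying so would stop a later reader from "fixing" it by moving the label above the close.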
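Review bot: In the second hunk (@@ -559), the `next_entry:` label carries the whole fix but has no comment explaining why the error paths must fall through to `entry = NULL; archive_entry_linkify(bsdtar->resolver, &entry, &sparse_entry);` instead of using `continue`. Add one line at the label stating that every exit from the loop body has to free `entry`, reset it to NULL and call linkify again, because the loop's next pass dereferences `entry`. Two smaller points in the same hunk: the error branch still closes `disk` only in its `else` arm before jumping past the close, and the normal path now calls `archive_entry_free(entry)` after `archive_read_close(disk)` rather than before it. Both look harmless from the visible lines but are worth confirming.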