git.ipfire.org Git - thirdparty/libarchive.git/commit

author	Grzegorz Antoniak <ga@anadoxin.org>
	Fri, 27 Sep 2019 05:38:58 +0000 (07:38 +0200)
committer	Grzegorz Antoniak <ga@anadoxin.org>
	Fri, 27 Sep 2019 17:51:32 +0000 (19:51 +0200)
commit	b09d86145ff02a85b603c54a7e188513d7c2bc4f
tree	dd7f836c41350a3f7e06b95a96203a7741c79cf6	tree
parent	2f3033ca23f8c21160506c3c7ac8a0df0d3fde42	commit \| diff

RAR5 reader: verify window size for solid files

RAR5 archives can contain files compressed independently of each other,
and files that share a common window buffer, so files which are
compressed using 'solid' method. In the latter case, all files
are required to use the same window buffer, so window size should also
be the same.

OSSFuzz sample #15482 declares a different window size for multiple
solid files. RAR5 reader doesn't reallocate window buffer when
decompressing solid files, so it was possible to perform an
out-of-bounds read by declaring two solid files, where the second solid
file declared the window size parameter that was bigger than window size
used in first solid file.

This commit introduces additional checks to ensure all solid files are
using the same window size.

The commit also adds a test case using OSSFuzz sample #15482 to hunt
down regressions in the future.

Some other test cases had to be adjusted as well, because other OSSFuzz
samples were also declaring different window sizes for solid files. So
this commit has changed the error reporting for those invalid sample files.

Makefile.am		diff \| blob \| blame \| history
libarchive/archive_read_support_format_rar5.c		diff \| blob \| blame \| history
libarchive/test/test_read_format_rar5.c		diff \| blob \| blame \| history
libarchive/test/test_read_format_rar5_different_solid_window_size.rar.uu	[new file with mode: 0644]	blob