]> git.ipfire.org Git - thirdparty/libarchive.git/commit
projects / thirdparty / libarchive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1385cd9) | patch
Validate entry_bytes_remaining in pax_attribute 1753/head
authorBen Wagner <bungeman@chromium.org>
Tue, 19 Jul 2022 17:02:40 +0000 (13:02 -0400)
committerBen Wagner <bungeman@chromium.org>
Sun, 24 Jul 2022 21:02:03 +0000 (17:02 -0400)
commitfc8c6d2786ecba731d77d33fe3b034f581fcbde3
tree15707c232809d03bc242d8a9d89a2836a0d8dacctree
parent1385cd9c5126d9b681b7396ad2f353779ad143bacommit | diff
Validate entry_bytes_remaining in pax_attribute

The `size` attribute may contain a negative or too large value. Check
the range of the `entry_bytes_remaining` in `pax_attribute` the same way
as `header_common`. The test which is added passes both with and without
this change in a normal debug build. It is necessary to run with
`-fsanitize=undefined` to see that the undefined behavior is avoided.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48467
Makefile.am diff | blob | blame | history
libarchive/archive_read_support_format_tar.c diff | blob | blame | history
libarchive/test/CMakeLists.txt diff | blob | blame | history
libarchive/test/test_read_format_tar_invalid_pax_size.c [new file with mode: 0644] blob
libarchive/test/test_read_format_tar_invalid_pax_size.tar.uu [new file with mode: 0644] blob
Mirror of https://github.com/libarchive/libarchive.git