RAR reader: fix null-dereference in RAR (v4) filter code

Add safety check to run_filters() and fix return codes

Reported-by: OSS-Fuzz #44843

diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 388484a76809402a73f146c6f1e7768b6f4a1f5f..7a7318522650aca265b8e71d99f5c393efbd0175 100644 (file)
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3328,20 +3328,25 @@ run_filters(struct archive_read *a)
   struct rar *rar = (struct rar *)(a->format->data);
   struct rar_filters *filters = &rar->filters;
   struct rar_filter *filter = filters->stack;
-  size_t start = filters->filterstart;
-  size_t end = start + filter->blocklength;
+  size_t start, end;
   int64_t tend;
   uint32_t lastfilteraddress;
   uint32_t lastfilterlength;
   int ret;
 
+  if (filters == NULL || filter == NULL)
+    return (0);
+
+  start = filters->filterstart;
+  end = start + filter->blocklength;
+
   filters->filterstart = INT64_MAX;
   tend = (int64_t)end;
   ret = expand(a, &tend);
   if (ret != ARCHIVE_OK)
-    return (ret);
+    return 0;
   if (tend < 0)
-    return (ARCHIVE_FATAL);
+    return 0;
   end = (size_t)tend;
   if (end != start + filter->blocklength)
     return 0;