fix: OOB in rar audio filter (#2149)

author Wei-Cheng Pan <legnaleurc@gmail.com>

Sun, 28 Apr 2024 21:53:19 +0000 (06:53 +0900)

committer GitHub <noreply@github.com>

Sun, 28 Apr 2024 21:53:19 +0000 (23:53 +0200)
author Wei-Cheng Pan <legnaleurc@gmail.com>
Sun, 28 Apr 2024 21:53:19 +0000 (06:53 +0900)
committer GitHub <noreply@github.com>
Sun, 28 Apr 2024 21:53:19 +0000 (23:53 +0200)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c

index 619ee81e2b5924b9d41d55bd353211b84ccbee08..4fc6626cacfdb2c29941f3b9b4b26f523c2b94f8 100644 (file)
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3722,6 +3722,13 @@ execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm)
      memset(&state, 0, sizeof(state));
      for (j = i; j < length; j += numchannels)
      {
+      /*
+       * The src block should not overlap with the dst block.
+       * If so it would be better to consider this archive is broken.
+       */
+      if (src >= dst)
+        return 0;
+
        int8_t delta = (int8_t)*src++;
        uint8_t predbyte, byte;
        int prederror;
author	Wei-Cheng Pan <legnaleurc@gmail.com>
	Sun, 28 Apr 2024 21:53:19 +0000 (06:53 +0900)
committer	GitHub <noreply@github.com>
	Sun, 28 Apr 2024 21:53:19 +0000 (23:53 +0200)