From: Joerg Sonnenberger <joerg@bec.de>
Date: Wed, 6 Sep 2017 20:48:44 +0000 (+0200)
Subject: Place a limit on the mtree line length to make fuzzers happy.
X-Git-Tag: v3.3.3~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=227d33aef2b3fb3a2367e3511a36e90db7d2be78;p=thirdparty%2Flibarchive.git

Place a limit on the mtree line length to make fuzzers happy.

Reported-By: OSS-Fuzz issue 2936
---

diff --git a/libarchive/archive_read_support_format_mtree.c b/libarchive/archive_read_support_format_mtree.c
index 44b6083cb..5af0a1c66 100644
--- a/libarchive/archive_read_support_format_mtree.c
+++ b/libarchive/archive_read_support_format_mtree.c
@@ -77,6 +77,8 @@ __FBSDID("$FreeBSD: head/lib/libarchive/archive_read_support_format_mtree.c 2011
 
 #define	MTREE_HASHTABLE_SIZE 1024
 
+#define	MAX_LINE_LEN		(1024 * 1024)
+
 struct mtree_option {
 	struct mtree_option *next;
 	char *value;
@@ -334,6 +336,14 @@ next_line(struct archive_read *a,
 		size_t nbytes_req = (*ravail+1023) & ~1023U;
 		ssize_t tested;
 
+		/*
+		 * Place an arbitrary limit on the line length.
+		 * mtree is almost free-form input and without line length limits,
+		 * it can consume a lot of memory.
+		 */
+		if (len >= MAX_LINE_LEN)
+			return (-1);
+
 		/* Increase reading bytes if it is not enough to at least
 		 * new two lines. */
 		if (nbytes_req < (size_t)*ravail + 160)