From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Mon, 25 May 2026 18:59:44 +0000 (+0200)
Subject: zstd: Check for endless loop on 32 bit systems
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f948099a0dc48da6bf0c58415958caab146f2fbe;p=thirdparty%2Flibarchive.git

zstd: Check for endless loop on 32 bit systems

It is possible to trigger an endless loop on 32 bit systems due to
a triggerable integer overflow.

Add a regression test for this.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/Makefile.am b/Makefile.am
index 2ea6c3ad6..ad3afe918 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -476,6 +476,7 @@ libarchive_test_SOURCES= \
 	libarchive/test/test_read_filter_lzop_multiple_parts.c \
 	libarchive/test/test_read_filter_program.c \
 	libarchive/test/test_read_filter_program_signature.c \
+	libarchive/test/test_read_filter_zstd_raw.c \
 	libarchive/test/test_read_filter_uudecode.c \
 	libarchive/test/test_read_filter_uudecode_raw.c \
 	libarchive/test/test_read_format_7zip.c \
@@ -829,6 +830,7 @@ libarchive_test_EXTRA_DIST=\
 	libarchive/test/test_read_filter_lzop_multiple_parts.tar.lzo.uu \
 	libarchive/test/test_read_filter_uudecode_raw.uu \
 	libarchive/test/test_read_filter_uudecode_base64_raw.uu \
+	libarchive/test/test_read_filter_zstd_raw_loop.uu \
 	libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu \
 	libarchive/test/test_read_format_mtree_noprint.mtree.uu \
 	libarchive/test/test_read_format_7zip_bcj2_bzip2.7z.uu \
diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt
index 4f81d8800..866c84c76 100644
--- a/libarchive/test/CMakeLists.txt
+++ b/libarchive/test/CMakeLists.txt
@@ -110,6 +110,7 @@ IF(ENABLE_TEST)
     test_read_filter_program_signature.c
     test_read_filter_uudecode.c
     test_read_filter_uudecode_raw.c
+    test_read_filter_zstd_raw.c
     test_read_format_7zip.c
     test_read_format_7zip_encryption_data.c
     test_read_format_7zip_encryption_header.c
diff --git a/libarchive/test/test_read_filter_zstd_raw.c b/libarchive/test/test_read_filter_zstd_raw.c
new file mode 100644
index 000000000..5a4ea91c6
--- /dev/null
+++ b/libarchive/test/test_read_filter_zstd_raw.c
@@ -0,0 +1,46 @@
+/*-
+ * Copyright (c) 2026 Tobias Stoeckmann
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "test.h"
+
+DEFINE_TEST(test_read_filter_zstd_raw_loop)
+{
+	struct archive *a;
+
+	const char *name = "test_read_filter_zstd_raw_loop";
+
+	assert((a = archive_read_new()) != NULL);
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_raw(a));
+	extract_reference_file(name);
+	assertEqualIntA(a, ARCHIVE_OK,
+	    archive_read_open_filename(a, name, 200));
+
+	/* Verify that the filter detection did NOT work. */
+	assertEqualInt(archive_filter_code(a, 0), ARCHIVE_FILTER_NONE);
+	assertEqualString(archive_filter_name(a, 0), "none");
+
+	assertEqualInt(ARCHIVE_OK, archive_read_close(a));
+	assertEqualInt(ARCHIVE_OK, archive_read_free(a));
+}
diff --git a/libarchive/test/test_read_filter_zstd_raw_loop.uu b/libarchive/test/test_read_filter_zstd_raw_loop.uu
new file mode 100644
index 000000000..932715669
--- /dev/null
+++ b/libarchive/test/test_read_filter_zstd_raw_loop.uu
@@ -0,0 +1,4 @@
+begin 644 test_read_filter_zstd_raw_loop
+,4"I-&/C___\HM2_]
+`
+end