From: Martin Matuska
Date: Wed, 14 May 2025 10:37:26 +0000 (+0200)
Subject: 7z: fix out-of-bounds read in 7z self extracting archive detection
X-Git-Tag: v3.8.0~16^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2604%2Fhead;p=thirdparty%2Flibarchive.git

7z: fix out-of-bounds read in 7z self extracting archive detection

Fixes OSS-Fuzz issue 416832167
---
diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
index ca551784f..c72322f56 100644
--- a/libarchive/archive_read_support_format_7zip.c
+++ b/libarchive/archive_read_support_format_7zip.c
@@ -778,11 +778,16 @@ find_elf_data_sec(struct archive_read *a)
 e_shentsize = (*dec16)(h + 0x3A);
 e_shnum = (*dec16)(h + 0x3C);
 e_shstrndx = (*dec16)(h + 0x3E);
+ if (e_shnum < e_shstrndx || e_shentsize < 0x28)
+ break;
+
 } else {
 e_shoff = (*dec32)(h + 0x20);
 e_shentsize = (*dec16)(h + 0x2E);
 e_shnum = (*dec16)(h + 0x30);
 e_shstrndx = (*dec16)(h + 0x32);
+ if (e_shnum < e_shstrndx || e_shentsize < 0x18)
+ break;
 }
 
 /*
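Review bot: The added guard `e_shnum < e_shstrndx` still accepts `e_shstrndx == e_shnum`, an index one past the last section header, in both the 64-bit and the 32-bit branch. If the intent is to reject a string-table index that is not inside the table, the stricter form is `if (e_shnum <= e_shstrndx || e_shentsize < 0x28)`, with `< 0x18` in the else branch. Whether the remaining off-by-one can reach an unchecked read depends on how the section offset is computed and fetched later in find_elf_data_sec, which starts and ends outside this hunk. The minimum entry sizes 0x28 and 0x18 are bare constants; presumably they are the furthest byte of a section header entry that the later code decodes, so a comment such as `/* entry must cover every section header field decoded below */` would let a maintainer keep the bound in step with those reads.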