From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Thu, 5 Jun 2025 19:38:43 +0000 (+0200)
Subject: 7zip: Fix out ouf boundary read in ELF detection
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2668%2Fhead;p=thirdparty%2Flibarchive.git

7zip: Fix out ouf boundary read in ELF detection

Make sure that the string table size is not smaller than 6 (and also
not larger than SIZE_MAX for better 32 bit support).

Such small values would lead to a large loop limit which either leads to
a crash or wrong detection of a ".data" string in possibly uninitialized
memory.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
index b20aa5e6d..846261287 100644
--- a/libarchive/archive_read_support_format_7zip.c
+++ b/libarchive/archive_read_support_format_7zip.c
@@ -811,6 +811,8 @@ find_elf_data_sec(struct archive_read *a)
 			strtab_size = (*dec32)(
 			    h + e_shstrndx * e_shentsize + 0x14);
 		}
+		if (strtab_size < 6 || strtab_size > SIZE_MAX)
+			break;
 
 		/*
 		 * Read the STRTAB section to find the .data offset