From ee645d6bbfa5d1ad769865a262fd95b398919e08 Mon Sep 17 00:00:00 2001
From: Martin Matuska
Date: Wed, 8 May 2019 00:22:52 +0200
Subject: [PATCH] RAR5 reader: verify that buffer is initialized in copy_string()

Fixes broken test_read_format_rar5_invalid_dict_reference on OmniOS
---
 libarchive/archive_read_support_format_rar5.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
index 87a8c611d..06b340f8d 100644
--- a/libarchive/archive_read_support_format_rar5.c
+++ b/libarchive/archive_read_support_format_rar5.c
@@ -2750,6 +2750,9 @@ static int copy_string(struct archive_read* a, int len, int dist) {
 rar->cstate.solid_offset;
 int i;

+ if (rar->cstate.window_buf == NULL)
+ return ARCHIVE_FATAL;
+
 /* The unpacker spends most of the time in this function. It would be
 * a good idea to introduce some optimizations here.
 *
--
2.47.2
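Review bot: The new guard in copy_string() returns `ARCHIVE_FATAL` without recording an error, so a caller that hits it gets a fatal status with no diagnostic. Consider adding `archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Window buffer is not allocated");` before the return. A short comment such as `/* window_buf may still be NULL if the stream references the dictionary before a window was allocated */` would record why the check exists; that reading is inferred from the test name in the commit message and should be confirmed against the caller. The comment just below calls this function the unpacker's hot path, so if the caller can guarantee an allocated window before decoding starts, checking once there would remove the need for a per-call test. The rest of copy_string() and its callers lie outside the hunk.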