From c0691458a0644f3d5bc4d1dc6da61766a6a00b81 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Thu, 5 Jun 2025 21:38:43 +0200
Subject: [PATCH] 7zip: Fix out ouf boundary read in ELF detection

Make sure that the string table size is not smaller than 6 (and also
not larger than SIZE_MAX for better 32 bit support).

Such small values would lead to a large loop limit which either leads to
a crash or wrong detection of a ".data" string in possibly uninitialized
memory.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 libarchive/archive_read_support_format_7zip.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
index b20aa5e6d..846261287 100644
--- a/libarchive/archive_read_support_format_7zip.c
+++ b/libarchive/archive_read_support_format_7zip.c
@@ -811,6 +811,8 @@ find_elf_data_sec(struct archive_read *a)
 			strtab_size = (*dec32)(
 			    h + e_shstrndx * e_shentsize + 0x14);
 		}
+		if (strtab_size < 6 || strtab_size > SIZE_MAX)
+			break;
 
 		/*
 		 * Read the STRTAB section to find the .data offset
-- 
2.47.2