author | Robert Griebl <robert.griebl@qt.io> | 2023-02-22 13:42:20 +0100 |
---|---|---|
committer | Robert Griebl <robert.griebl@qt.io> | 2023-02-22 14:49:32 +0100 |
commit | 6f0eed2f383fdac97e33e01f67fba90260426353 (patch) | |
tree | 7eb9344565639d0921f58125b3b77428e7c879cf /src/3rdparty/libarchive/libarchive/archive_read_support_format_tar.c | |
parent | fd900784f41711c500369e1c39e46c73e95878cb (diff) | |
Update libarchive 3rd-party code from 3.6.1 to 3.6.2
Change-Id: I4b40a2f820e52bdfa8c4165b7a10b25d7e941e17
Pick-to: 6.5
Reviewed-by: Dominik Holland <dominik.holland@qt.io>
Diffstat (limited to 'src/3rdparty/libarchive/libarchive/archive_read_support_format_tar.c')
-rw-r--r-- | src/3rdparty/libarchive/libarchive/archive_read_support_format_tar.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/3rdparty/libarchive/libarchive/archive_read_support_format_tar.c b/src/3rdparty/libarchive/libarchive/archive_read_support_format_tar.c
index bfdad7f8..93c3fd58 100644
--- a/src/3rdparty/libarchive/libarchive/archive_read_support_format_tar.c
+++ b/src/3rdparty/libarchive/libarchive/archive_read_support_format_tar.c
@@ -407,14 +407,13 @@ archive_read_format_tar_bid(struct archive_read *a, int best_bid)
 /*
 * Check format of mode/uid/gid/mtime/size/rdevmajor/rdevminor fields.
 */
- if (bid > 0 && (
- validate_number_field(header->mode, sizeof(header->mode)) == 0
+ if (validate_number_field(header->mode, sizeof(header->mode)) == 0
 || validate_number_field(header->uid, sizeof(header->uid)) == 0
 || validate_number_field(header->gid, sizeof(header->gid)) == 0
 || validate_number_field(header->mtime, sizeof(header->mtime)) == 0
 || validate_number_field(header->size, sizeof(header->size)) == 0
 || validate_number_field(header->rdevmajor, sizeof(header->rdevmajor)) == 0
- || validate_number_field(header->rdevminor, sizeof(header->rdevminor)) == 0)) {
+ || validate_number_field(header->rdevminor, sizeof(header->rdevminor)) == 0) {
 bid = 0;
 }
 
@@ -2108,6 +2107,21 @@ pax_attribute(struct archive_read *a, struct tar *tar,
 /* "size" is the size of the data in the entry. */
 tar->entry_bytes_remaining
 = tar_atol10(value, strlen(value));
+ if (tar->entry_bytes_remaining < 0) {
+ tar->entry_bytes_remaining = 0;
+ archive_set_error(&a->archive,
+ ARCHIVE_ERRNO_MISC,
+ "Tar size attribute is negative");
+ return (ARCHIVE_FATAL);
+ }
+ if (tar->entry_bytes_remaining == INT64_MAX) {
+ /* Note: tar_atol returns INT64_MAX on overflow */
+ tar->entry_bytes_remaining = 0;
+ archive_set_error(&a->archive,
+ ARCHIVE_ERRNO_MISC,
+ "Tar size attribute overflow");
+ return (ARCHIVE_FATAL);
+ }
 /*
 * The "size" pax header keyword always overrides the
 * "size" field in the tar header. |