diff options
| author | Martin Matuska <mm@FreeBSD.org> | 2024-04-29 07:18:17 +0000 |
|---|---|---|
| committer | Martin Matuska <mm@FreeBSD.org> | 2024-04-29 07:23:21 +0000 |
| commit | 51c823ac2777784a4eac71d113e8c82c08482bb6 (patch) | |
| tree | 573e8d5e199e03d485e682c6ffed7e2df17b2033 | |
| parent | d6f77d3cfa8e56aed99e2ea250fdb242f51747df (diff) | |
| download | src-51c823ac2777784a4eac71d113e8c82c08482bb6.tar.gz src-51c823ac2777784a4eac71d113e8c82c08482bb6.zip | |
Cherry-pick commits from libarchive to vendor/libarchive
#2148 fix: OOB in rar delta filter (a1cb648d5)
#2149 fix: OOB in rar audio filter (3006bc5d0)
#2150 xar: Fix another infinite loop and expat error handling (b910cb70d)
Obtained from: libarchive
Libarchive commits: b910cb70d4c1b311c9d85cd536a6c91647c43df7
a1cb648d52f5b6d3f31184d9b6a7cbca628459b7
3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b
| -rw-r--r-- | libarchive/archive_read_support_format_rar.c | 15 | ||||
| -rw-r--r-- | libarchive/archive_read_support_format_xar.c | 8 | ||||
| -rw-r--r-- | libarchive/test/test_read_format_xar_doublelink.c | 2 |
3 files changed, 22 insertions, 3 deletions
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c index 79669a8f40f9..4fc6626cacfd 100644 --- a/libarchive/archive_read_support_format_rar.c +++ b/libarchive/archive_read_support_format_rar.c @@ -3612,7 +3612,15 @@ execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm) { uint8_t lastbyte = 0; for (idx = i; idx < length; idx += numchannels) + { + /* + * The src block should not overlap with the dst block. + * If so it would be better to consider this archive is broken. + */ + if (src >= dst) + return 0; lastbyte = dst[idx] = lastbyte - *src++; + } } filter->filteredblockaddress = length; @@ -3714,6 +3722,13 @@ execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm) memset(&state, 0, sizeof(state)); for (j = i; j < length; j += numchannels) { + /* + * The src block should not overlap with the dst block. + * If so it would be better to consider this archive is broken. + */ + if (src >= dst) + return 0; + int8_t delta = (int8_t)*src++; uint8_t predbyte, byte; int prederror; diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c index 2c3432642937..cefb36410e77 100644 --- a/libarchive/archive_read_support_format_xar.c +++ b/libarchive/archive_read_support_format_xar.c @@ -2055,9 +2055,10 @@ xml_start(struct archive_read *a, const char *name, struct xmlattr_list *list) attr = attr->next) { if (strcmp(attr->name, "link") != 0) continue; - if (xar->file->hdnext != NULL || xar->file->link != 0) { + if (xar->file->hdnext != NULL || xar->file->link != 0 || + xar->file == xar->hdlink_orgs) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, - "File with multiple link targets"); + "File with multiple link attributes"); return (ARCHIVE_FATAL); } if (strcmp(attr->value, "original") == 0) { @@ -3256,6 +3257,9 @@ expat_start_cb(void *userData, const XML_Char *name, const XML_Char **atts) struct xmlattr_list list; int r; + if (ud->state != ARCHIVE_OK) + return; + r = expat_xmlattr_setup(a, &list, atts); if (r == ARCHIVE_OK) r = xml_start(a, (const char *)name, &list); diff --git a/libarchive/test/test_read_format_xar_doublelink.c b/libarchive/test/test_read_format_xar_doublelink.c index 73ddebd285b9..78d6626a09bf 100644 --- a/libarchive/test/test_read_format_xar_doublelink.c +++ b/libarchive/test/test_read_format_xar_doublelink.c @@ -47,7 +47,7 @@ DEFINE_TEST(test_read_format_xar_doublelink) assertA(ARCHIVE_FATAL == archive_read_next_header(a, &ae)); assertEqualString(archive_error_string(a), - "File with multiple link targets"); + "File with multiple link attributes"); assert(archive_errno(a) != 0); assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); |