aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Matuska <mm@FreeBSD.org>2022-02-21 11:04:05 +0000
committerMartin Matuska <mm@FreeBSD.org>2022-02-21 11:04:05 +0000
commit8b3c99225118107bf1b80fe5d275b268d7790f77 (patch)
tree0f4d8e2bfe5a699ae079011edceb6b651c89943c
parent3c540f9694303fc4a0a9a6e44ed786d68a00bf48 (diff)
downloadsrc-8b3c99225118107bf1b80fe5d275b268d7790f77.tar.gz
src-8b3c99225118107bf1b80fe5d275b268d7790f77.zip
Update vendor/libarchive to libarchive/libarchive@1271f775d
Bugfixes: OSS-Fuzz #44843 (security): RAR reader: fix null-dereference in RAR (v4) filter code Obtained from: libarchive Libarchive commit: 1271f775dc917798ad7d03c3b3bd66bacad03603
Diffstat
-rw-r--r--libarchive/archive_read_support_format_rar.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 388484a76809..7a7318522650 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3328,20 +3328,25 @@ run_filters(struct archive_read *a)
struct rar *rar = (struct rar *)(a->format->data);
struct rar_filters *filters = &rar->filters;
struct rar_filter *filter = filters->stack;
- size_t start = filters->filterstart;
- size_t end = start + filter->blocklength;
+ size_t start, end;
int64_t tend;
uint32_t lastfilteraddress;
uint32_t lastfilterlength;
int ret;
+ if (filters == NULL || filter == NULL)
+ return (0);
+
+ start = filters->filterstart;
+ end = start + filter->blocklength;
+
filters->filterstart = INT64_MAX;
tend = (int64_t)end;
ret = expand(a, &tend);
if (ret != ARCHIVE_OK)
- return (ret);
+ return 0;
if (tend < 0)
- return (ARCHIVE_FATAL);
+ return 0;
end = (size_t)tend;
if (end != start + filter->blocklength)
return 0;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 12:24:54 +0000