author | Martin Matuska <mm@FreeBSD.org> | 2022-02-21 11:04:05 +0000 |
---|---|---|
committer | Martin Matuska <mm@FreeBSD.org> | 2022-02-21 11:04:05 +0000 |
commit | 8b3c99225118107bf1b80fe5d275b268d7790f77 (patch) | |
tree | 0f4d8e2bfe5a699ae079011edceb6b651c89943c | |
parent | 3c540f9694303fc4a0a9a6e44ed786d68a00bf48 (diff) | |
Update vendor/libarchive to libarchive/libarchive@1271f775d
Bugfixes:
OSS-Fuzz #44843 (security):
RAR reader: fix null-dereference in RAR (v4) filter code
Obtained from: libarchive
Libarchive commit: 1271f775dc917798ad7d03c3b3bd66bacad03603
-rw-r--r-- | libarchive/archive_read_support_format_rar.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 388484a76809..7a7318522650 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3328,20 +3328,25 @@ run_filters(struct archive_read *a)
 struct rar *rar = (struct rar *)(a->format->data);
 struct rar_filters *filters = &rar->filters;
 struct rar_filter *filter = filters->stack;
- size_t start = filters->filterstart;
- size_t end = start + filter->blocklength;
+ size_t start, end;
 int64_t tend;
 uint32_t lastfilteraddress;
 uint32_t lastfilterlength;
 int ret;
 
+ if (filters == NULL || filter == NULL)
+ return (0);
+
+ start = filters->filterstart;
+ end = start + filter->blocklength;
+
 filters->filterstart = INT64_MAX;
 tend = (int64_t)end;
 ret = expand(a, &tend);
 if (ret != ARCHIVE_OK)
- return (ret);
+ return 0;
 if (tend < 0)
- return (ARCHIVE_FATAL);
+ return 0;
 end = (size_t)tend;
 if (end != start + filter->blocklength)
 return 0; |
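Review bot: The `filters == NULL` half of the new guard cannot fire: `filters` is `&rar->filters`, and `filters->stack` has already been read in the initializer of `filter` above the check, so only `filter == NULL` protects the later `filter->blocklength` read. I would reduce it to `if (filter == NULL) return (0);` and add a comment such as `/* filter stack may be empty on malformed input */`, so a reader does not assume `rar` or `filters` are being validated here. The two `return 0;` replacements after `expand()` discard the ARCHIVE_* code; judging from the existing `return 0;` at the end of the hunk, 0 appears to be this function's failure value, which deserves a one-line comment because the caller is not visible here. The new code also mixes `return (0);` with `return 0;`, and the body of run_filters continues past the end of the hunk.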