authorMartin Matuska <mm@FreeBSD.org>2022-04-03 11:44:32 +0000
committerMartin Matuska <mm@FreeBSD.org>2022-04-03 11:44:32 +0000
commitd0dbd88ba9852a848ed29bba8b4147b09367e93d (patch)
treec516f481713456dab2aa8566f1ed3028210a4493
parentb36466f05a59c7b508ed5c1952079a3769d686b8 (diff)
Update vendor/libarchive to libarchive/libarchive@db7145537
Bugfixes: IS #1685 and OSS-Fuzz #38764: (ISO reader) fix possible heap buffer overflow in read_children() IS #1715 and OSS-Fuzz #46279: (RARv4 reader) fix heap-use-after-free in run_filters() Obtained from: libarchive Libarchive commit: db714553712debbc447383f735e022031dc13127
-rw-r--r--libarchive/archive_read_support_format_iso9660.c3
-rw-r--r--libarchive/archive_read_support_format_rar.c17
2 files changed, 19 insertions, 1 deletions
diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
index db14d41dff45..cd7f92f464d6 100644
--- a/libarchive/archive_read_support_format_iso9660.c
+++ b/libarchive/archive_read_support_format_iso9660.c
@@ -1007,7 +1007,8 @@ read_children(struct archive_read *a, struct file_info *parent)
p = b;
b += iso9660->logical_block_size;
step -= iso9660->logical_block_size;
- for (; *p != 0 && p < b && p + *p <= b; p += *p) {
+ for (; *p != 0 && p + DR_name_offset < b && p + *p <= b;
+ p += *p) {
struct file_info *child;
/* N.B.: these special directory identifiers
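Review bot: In the new loop condition `*p` is still read before the bounds test `p + DR_name_offset < b`, so when the previous record ends exactly at `b` the condition dereferences `p == b` before it can reject it; whether that byte lies inside the read buffer depends on code outside the hunk. Putting the bounds test first removes the question: `for (; p + DR_name_offset < b && *p != 0 && p + *p <= b;`. The condition also does not require `*p` to be larger than `DR_name_offset`, so a record shorter than its fixed header can still enter the loop body; if the body (which continues outside this hunk) does not reject that, a check there would be worth adding. A one-line comment saying why the bound is `DR_name_offset` rather than plain `p < b` would help the next reader.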
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index 7a7318522650..f9cbe2a8810d 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -3328,6 +3328,7 @@ run_filters(struct archive_read *a)
struct rar *rar = (struct rar *)(a->format->data);
struct rar_filters *filters = &rar->filters;
struct rar_filter *filter = filters->stack;
+ struct rar_filter *f;
size_t start, end;
int64_t tend;
uint32_t lastfilteraddress;
@@ -3345,6 +3346,22 @@ run_filters(struct archive_read *a)
ret = expand(a, &tend);
if (ret != ARCHIVE_OK)
return 0;
+
+ /* Check if filter stack was modified in expand() */
+ ret = ARCHIVE_FATAL;
+ f = filters->stack;
+ while (f)
+ {
+ if (f == filter)
+ {
+ ret = ARCHIVE_OK;
+ break;
+ }
+ f = f->next;
+ }
+ if (ret != ARCHIVE_OK)
+ return 0;
+
if (tend < 0)
return 0;
end = (size_t)tend;
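Review bot: The walk added after `expand()` establishes only that a node with the same address as `filter` is on `filters->stack`, not that it is the same filter object. If `expand()` can free the stack and push a newly allocated filter, the allocator may return the same address and `f == filter` would pass on a different object. Anything read from `filter` before the `expand()` call (the start of `run_filters` is outside this hunk) should therefore be treated as stale and re-read after the check; a comment such as `/* identity check only: re-read filter fields after expand() */` would record that. As a style point, `ret` is borrowed as a found flag and its `ARCHIVE_FATAL` value is then discarded by `return 0`; a local `int found = 0;` would read more clearly.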