diff options
Diffstat (limited to 'libarchive/test/test_read_format_tar_invalid_pax_size.c')
| -rw-r--r-- | libarchive/test/test_read_format_tar_invalid_pax_size.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/libarchive/test/test_read_format_tar_invalid_pax_size.c b/libarchive/test/test_read_format_tar_invalid_pax_size.c new file mode 100644 index 000000000000..0a03cb677593 --- /dev/null +++ b/libarchive/test/test_read_format_tar_invalid_pax_size.c @@ -0,0 +1,53 @@ +/*- + * Copyright (c) 2020 Ben Wagner + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "test.h" +__FBSDID("$FreeBSD$"); + +/* + * The pax size attribute can be used to override the size. + * It should be validated the same way the normal size is validated. + * The test data is fuzzer output from + * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48467 . + */ +DEFINE_TEST(test_read_format_tar_invalid_pax_size) +{ + /* + * An archive that contains a PAX 'size' record with a large negative value. + */ + struct archive_entry *ae; + struct archive *a; + const char *refname = "test_read_format_tar_invalid_pax_size.tar"; + + extract_reference_file(refname); + assert((a = archive_read_new()) != NULL); + assertEqualInt(ARCHIVE_OK, archive_read_support_filter_all(a)); + assertEqualInt(ARCHIVE_OK, archive_read_support_format_all(a)); + assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, refname, 10240)); + /* This assert will pass a normal debug build without the pax size check. */ + /* Run this test with `-fsanitize=undefined` to verify. */ + assertEqualIntA(a, ARCHIVE_FATAL, archive_read_next_header(a, &ae)); + assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); + assertEqualInt(ARCHIVE_OK, archive_read_free(a)); +} |