30 lines
1.0 KiB
Diff
30 lines
1.0 KiB
Diff
From 17d9d73ee92eeb1a08b0a56659d010d8120af33a Mon Sep 17 00:00:00 2001
|
|
From: Wei-Cheng Pan <legnaleurc@gmail.com>
|
|
Date: Fri, 26 Apr 2024 13:58:34 +0900
|
|
Subject: [PATCH] fix: OOB in rar delta filter
|
|
|
|
---
|
|
libarchive/archive_read_support_format_rar.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
|
|
index 79669a8f4..619ee81e2 100644
|
|
--- a/libarchive/archive_read_support_format_rar.c
|
|
+++ b/libarchive/archive_read_support_format_rar.c
|
|
@@ -3612,7 +3612,15 @@ execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm)
|
|
{
|
|
uint8_t lastbyte = 0;
|
|
for (idx = i; idx < length; idx += numchannels)
|
|
+ {
|
|
+ /*
|
|
+ * The src block should not overlap with the dst block.
|
|
+ * If so it would be better to consider this archive is broken.
|
|
+ */
|
|
+ if (src >= dst)
|
|
+ return 0;
|
|
lastbyte = dst[idx] = lastbyte - *src++;
|
|
+ }
|
|
}
|
|
|
|
filter->filteredblockaddress = length;
|