[file-roller/wip/jtojnar/fix-rar-decompression] archive-libarchive: Fix explosion in RAR decompression




commit 9d8d3992403bf36d44ab4bf812ab1c9c5cf49bbd
Author: Jan Tojnar <jtojnar gmail com>
Date:   Sat Sep 10 02:54:14 2022 +0200

    archive-libarchive: Fix explosion in RAR decompression
    
    In some cases, libarchive does not initialize the `offset` attribute
    to `archive_read_data_block` for RAR5, often causing `_g_output_stream_add_padding`
    to write up to exabytes of padding to the extracted file, to reach the random
    uninitialized value in `int64_t target_offset`.
    
    This will be fixed by https://github.com/libarchive/libarchive/pull/1745
    but until a new version is released and widely available,
    let’s initialize the value ourselves.
    
    Fixes: https://gitlab.gnome.org/GNOME/file-roller/-/issues/46

 NEWS                        | 2 +-
 src/fr-archive-libarchive.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/NEWS b/NEWS
index bebb3240..4502b3e8 100644
--- a/NEWS
+++ b/NEWS
@@ -8,7 +8,7 @@ New features and user visible changes:
 
 Bugs fixed:
 
--
+- Prevent libarchive backend from writing endless padding when extracting RAR archives (!87)
 
 Other changes:
 
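Review bot: The added NEWS line says "RAR archives" in general, but the commit message attributes the uninitialized `offset` to RAR5 specifically. Consider wording the entry as "RAR5 archives", or stating that other RAR versions are covered too, so a reader triaging a runaway-extraction report can tell whether this fix applies to them.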
diff --git a/src/fr-archive-libarchive.c b/src/fr-archive-libarchive.c
index 45b03946..5ca65058 100644
--- a/src/fr-archive-libarchive.c
+++ b/src/fr-archive-libarchive.c
@@ -810,7 +810,8 @@ extract_archive_thread (GSimpleAsyncResult *result,
                g_autoptr (GOutputStream) ostream = NULL;
                const void    *buffer;
                size_t         buffer_size;
-               int64_t        target_offset, actual_offset;
+               int64_t target_offset = 0;
+               int64_t actual_offset = 0;
                GError        *local_error = NULL;
                __LA_MODE_T    filetype;
 
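Review bot: The two new initializers at the declaration carry no comment saying they are a workaround, so a later cleanup could take `= 0` for a redundant default and drop it. Add a short comment next to `int64_t target_offset = 0;` pointing at https://github.com/libarchive/libarchive/pull/1745 and noting that `archive_read_data_block` may leave the offset unset. As a style point, the new lines also lose the column alignment used by the neighbouring declarations (`const void    *buffer;`, `size_t         buffer_size;`).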
@@ -997,7 +998,6 @@ extract_archive_thread (GSimpleAsyncResult *result,
                                if (ostream == NULL)
                                        break;
 
-                               actual_offset = 0;
                                while ((r = archive_read_data_block (a, &buffer, &buffer_size, 
&target_offset)) == ARCHIVE_OK) {
                                        gsize bytes_written;
 
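Review bot: Removing `actual_offset = 0;` just before the `archive_read_data_block` loop makes the reset depend on the declaration near line 810 being re-executed before every file's read loop, which these hunks do not show. If that scope can be entered once and reach this loop for more than one entry, both `actual_offset` and `target_offset` would carry values over from the previous file, and a stale `target_offset` feeds the same padding calculation the commit message describes. It would be safer to keep the reset here and add `target_offset = 0;` beside it, so both values are defined at the point where they are consumed regardless of how the declaration is scoped.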

