RAR5 reader: add more checks for invalid extraction parameters

Some specially crafted files declare invalid extraction parameters that can confuse the RAR5 reader. One of the arguments is the declared window size parameter that the archive file can declare for each file stored in the archive. Some crafted files declare window size equal to 0, which is clearly wrong. This commit adds additional safety checks decreasing the tolerance of the RAR5 format. This commit also contains OSSFuzz sample #30459.
author: Grzegorz Antoniak <ga@anadoxin.org> 2021-02-13 10:13:22 +0100
committer: Grzegorz Antoniak <ga@anadoxin.org> 2022-02-08 07:21:44 +0100
commit: 313bcd7ac547f7cc25945831f63507420c0874d7 (patch)
tree: 876359930127f353bb029b40a97bd512bfea4152 /Makefile.am
parent: c9788f9b70ba930797bd114b2149d8c633d2d6cb (diff)
download: libarchive-313bcd7ac547f7cc25945831f63507420c0874d7.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 1523c539..743aaa0d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -895,6 +895,7 @@ libarchive_test_EXTRA_DIST=\
 	libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \
 	libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu \
 	libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu \
+	libarchive/test/test_read_format_rar5_bad_window_sz_in_mltarc_file.rar.uu \
 	libarchive/test/test_read_format_raw.bufr.uu \
 	libarchive/test/test_read_format_raw.data.gz.uu \
 	libarchive/test/test_read_format_raw.data.Z.uu \
author	Grzegorz Antoniak <ga@anadoxin.org>	2021-02-13 10:13:22 +0100
committer	Grzegorz Antoniak <ga@anadoxin.org>	2022-02-08 07:21:44 +0100
commit	313bcd7ac547f7cc25945831f63507420c0874d7 (patch)
tree	876359930127f353bb029b40a97bd512bfea4152 /Makefile.am
parent	c9788f9b70ba930797bd114b2149d8c633d2d6cb (diff)
download	libarchive-313bcd7ac547f7cc25945831f63507420c0874d7.tar.gz