diff options
author | Grzegorz Antoniak <ga@anadoxin.org> | 2021-02-13 10:13:22 +0100 |
---|---|---|
committer | Grzegorz Antoniak <ga@anadoxin.org> | 2022-02-08 07:21:44 +0100 |
commit | 313bcd7ac547f7cc25945831f63507420c0874d7 (patch) | |
tree | 876359930127f353bb029b40a97bd512bfea4152 /Makefile.am | |
parent | c9788f9b70ba930797bd114b2149d8c633d2d6cb (diff) | |
download | libarchive-313bcd7ac547f7cc25945831f63507420c0874d7.tar.gz |
RAR5 reader: add more checks for invalid extraction parameters
Some specially crafted files declare invalid extraction parameters that
can confuse the RAR5 reader.
One of the arguments is the declared window size parameter that the
archive file can declare for each file stored in the archive. Some
crafted files declare window size equal to 0, which is clearly wrong.
This commit adds additional safety checks decreasing the tolerance of
the RAR5 format.
This commit also contains OSSFuzz sample #30459.
Diffstat (limited to 'Makefile.am')
-rw-r--r-- | Makefile.am | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index 1523c539..743aaa0d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -895,6 +895,7 @@ libarchive_test_EXTRA_DIST=\ libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \ libarchive/test/test_read_format_rar5_decode_number_out_of_bounds_read.rar.uu \ libarchive/test/test_read_format_rar5_window_buf_and_size_desync.rar.uu \ + libarchive/test/test_read_format_rar5_bad_window_sz_in_mltarc_file.rar.uu \ libarchive/test/test_read_format_raw.bufr.uu \ libarchive/test/test_read_format_raw.data.gz.uu \ libarchive/test/test_read_format_raw.data.Z.uu \ |