The branch stable/11 has been updated by mm:
URL:
https://cgit.FreeBSD.org/src/commit/?id=8342c11f27ebf504e25a00daad3351e1a508a774
commit 8342c11f27ebf504e25a00daad3351e1a508a774
Author: Martin Matuska <m...@freebsd.org>
AuthorDate: 2022-02-21 11:06:54 +0000
Commit: Martin Matuska <m...@freebsd.org>
CommitDate: 2022-02-23 11:37:34 +0000
libarchive: merge vendor bugfix
OSS-Fuzz #44843 (security):
RAR reader: fix null-dereference in RAR (v4) filter code
(cherry picked from commit 5ccf909af9c1117172ff0742515da2d2e0cef89e)
---
.../libarchive/libarchive/archive_read_support_format_rar.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/contrib/libarchive/libarchive/archive_read_support_format_rar.c
b/contrib/libarchive/libarchive/archive_read_support_format_rar.c
index 388484a76809..7a7318522650 100644
--- a/contrib/libarchive/libarchive/archive_read_support_format_rar.c
+++ b/contrib/libarchive/libarchive/archive_read_support_format_rar.c
@@ -3328,20 +3328,25 @@ run_filters(struct archive_read *a)
struct rar *rar = (struct rar *)(a->format->data);
struct rar_filters *filters = &rar->filters;
struct rar_filter *filter = filters->stack;
- size_t start = filters->filterstart;
- size_t end = start + filter->blocklength;
+ size_t start, end;
int64_t tend;
uint32_t lastfilteraddress;
uint32_t lastfilterlength;
int ret;
+ if (filters == NULL || filter == NULL)
+ return (0);
+
+ start = filters->filterstart;
+ end = start + filter->blocklength;
+
filters->filterstart = INT64_MAX;
tend = (int64_t)end;
ret = expand(a, &tend);
if (ret != ARCHIVE_OK)
- return (ret);
+ return 0;
if (tend < 0)
- return (ARCHIVE_FATAL);
+ return 0;
end = (size_t)tend;
if (end != start + filter->blocklength)
return 0;
