archive-libarchive: Fix explosion in RAR decompression (!87) · Merge requests · GNOME / File Roller

Jan Tojnar requested to merge wip/jtojnar/fix-rar-decompression into master Sep 10, 2022

In some cases, libarchive does not initialize the offset attribute to archive_read_data_block for RAR5, often causing _g_output_stream_add_padding to write up to exabytes of padding to extracted file, to reach the random unitialized value in int64_t target_offset.

This will be fixed by https://github.com/libarchive/libarchive/pull/1745 but until a new version is released and widely available, let’s initialize the value ourselves.

Fixes: #46 (closed)

archive-libarchive: Fix explosion in RAR decompression

Merge request reports