diff options
author | mm <mm@FreeBSD.org> | 2017-01-02 01:43:11 +0000 |
---|---|---|
committer | mm <mm@FreeBSD.org> | 2017-01-02 01:43:11 +0000 |
commit | df4798dc9511aa38aa412b763161b0927b955e11 (patch) | |
tree | 72d16a8900f63c42d2726f774bed694dfaa3a2ee /contrib/libarchive/libarchive/archive_write_disk_posix.c | |
parent | cd9bc4aa8c26fc251bae744bd07deff7f250e0b9 (diff) | |
download | FreeBSD-src-df4798dc9511aa38aa412b763161b0927b955e11.zip FreeBSD-src-df4798dc9511aa38aa412b763161b0927b955e11.tar.gz |
MFC r309300,r309363,r309405,r309523,r309590,r310185,r310623:
Sync libarchive with vendor.
Fixed vendor issues (relevant to FreeBSD)
#825, #832: Add sanity check of tar "uid, "gid" and "mtime" fields
#830, #831, #833, #846: Spelling fixes
#850: Fix issues with reading certain jar files
Fixed issues found by Google OSS-Fuzz:
OSS-Fuzz #15: Fix heap-buffer-overflow in archive_le16dec()
OSS-Fuzz #16: Fix possible hang in uudecode_filter_read()
OSS-Fuzz #139, #145, #152: Fix heap-buffer-overflow in uudecode_bidder_bid()
OSS-Fuzz #220: Reject an 'ar' filename table larger than 1GB or a filename
larger than 1MB
OSS-Fuzz #227, #230, #239: Fix possible memory leak in archive_read_free()
OSS-Fuzz #237: Fix heap buffer overflow when reading invalid ar archives
OSS-Fuzz #286: Bugfix in archive_strncat_l()
More information:
https://github.com/libarchive/libarchive/issues/[libarchive_issue_number]
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=[oss_fuzz_issue_number]
Diffstat (limited to 'contrib/libarchive/libarchive/archive_write_disk_posix.c')
-rw-r--r-- | contrib/libarchive/libarchive/archive_write_disk_posix.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/contrib/libarchive/libarchive/archive_write_disk_posix.c b/contrib/libarchive/libarchive/archive_write_disk_posix.c index f094027..c05059a 100644 --- a/contrib/libarchive/libarchive/archive_write_disk_posix.c +++ b/contrib/libarchive/libarchive/archive_write_disk_posix.c @@ -1779,10 +1779,9 @@ archive_write_disk_new(void) { struct archive_write_disk *a; - a = (struct archive_write_disk *)malloc(sizeof(*a)); + a = (struct archive_write_disk *)calloc(1, sizeof(*a)); if (a == NULL) return (NULL); - memset(a, 0, sizeof(*a)); a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC; /* We're ready to write a header immediately. */ a->archive.state = ARCHIVE_STATE_HEADER; @@ -2701,7 +2700,7 @@ check_symlinks(struct archive_write_disk *a) * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx */ static void -cleanup_pathname_win(struct archive_write_disk *a) +cleanup_pathname_win(char *path) { wchar_t wc; char *p; @@ -2712,7 +2711,7 @@ cleanup_pathname_win(struct archive_write_disk *a) mb = 0; complete = 1; utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0; - for (p = a->name; *p != '\0'; p++) { + for (p = path; *p != '\0'; p++) { ++alen; if (*p == '\\') { /* If previous byte is smaller than 128, @@ -2737,7 +2736,7 @@ cleanup_pathname_win(struct archive_write_disk *a) /* * Convert path separator in wide-character. */ - p = a->name; + p = path; while (*p != '\0' && alen) { l = mbtowc(&wc, p, alen); if (l == (size_t)-1) { @@ -2778,7 +2777,7 @@ cleanup_pathname_fsobj(char *path, int *a_eno, struct archive_string *a_estr, } #if defined(__CYGWIN__) - cleanup_pathname_win(a); + cleanup_pathname_win(path); #endif /* Skip leading '/'. */ if (*src == '/') { |