Fiz /usr/bin/unzip: A bug deep in libarchive's read-ahead logic

(incorrect handling of zero-length reads before the copy buffer is
allocated) is masked by the iso9660 taster.  Tar and cpio both enable
that taster so were protected from the bug; unzip is susceptible.

This both fixes the bug and updates the test harness to exercise
this case.

Submitted by: Ed Schouten diagnosed the bug and drafted a patch
MFC after: 7 days

1 files changed, 5 insertions, 2 deletions

diff --git a/lib/libarchive/archive_read.c b/lib/libarchive/archive_read.c
index 9274d66..fd4f888 100644
--- a/lib/libarchive/archive_read.c
+++ b/lib/libarchive/archive_read.c
@@ -928,9 +928,12 @@ __archive_read_filter_ahead(struct archive_read_filter *filter,
 	for (;;) {
 
 		/*
-		 * If we can satisfy from the copy buffer, we're done.
+		 * If we can satisfy from the copy buffer (and the
+		 * copy buffer isn't empty), we're done.  In particular,
+		 * note that min == 0 is a perfectly well-defined
+		 * request.
 		 */
-		if (filter->avail >= min) {
+		if (filter->avail >= min && filter->avail > 0) {
 			if (avail != NULL)
 				*avail = filter->avail;
 			return (filter->next);