LibArchive: Make get_field_as_integral error out on non-octal input

Fixes this bug that was reported by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52493
2025-07-25 15:07:45 +00:00 · 2022-11-11 18:31:45 +02:00 · 2022-11-11 18:31:45 +02:00 · 58e9262ff1
commit 58e9262ff1
parent c88d8a21cc
4 changed files with 54 additions and 19 deletions
--- a/Userland/Libraries/LibArchive/TarStream.cpp
+++ b/Userland/Libraries/LibArchive/TarStream.cpp
@ -25,7 +25,12 @@ size_t TarFileStream::read(Bytes bytes)
    if (has_any_error())
        return 0;

-    auto to_read = min(bytes.size(), m_tar_stream.header().size() - m_tar_stream.m_file_offset);
+    auto header_size_or_error = m_tar_stream.header().size();
+    if (header_size_or_error.is_error())
+        return 0;
+    auto header_size = header_size_or_error.release_value();
+
+    auto to_read = min(bytes.size(), header_size - m_tar_stream.m_file_offset);

    auto nread = m_tar_stream.m_stream.read(bytes.trim(to_read));
    m_tar_stream.m_file_offset += nread;
@ -37,8 +42,13 @@ bool TarFileStream::unreliable_eof() const
    // verify that the stream has not advanced
    VERIFY(m_tar_stream.m_generation == m_generation);

+    auto header_size_or_error = m_tar_stream.header().size();
+    if (header_size_or_error.is_error())
+        return true;
+    auto header_size = header_size_or_error.release_value();
+
    return m_tar_stream.m_stream.unreliable_eof()
-        || m_tar_stream.m_file_offset >= m_tar_stream.header().size();
+        || m_tar_stream.m_file_offset >= header_size;
 }

 bool TarFileStream::read_or_error(Bytes bytes)
@ -59,7 +69,12 @@ bool TarFileStream::discard_or_error(size_t count)
    // verify that the stream has not advanced
    VERIFY(m_tar_stream.m_generation == m_generation);

-    if (count > m_tar_stream.header().size() - m_tar_stream.m_file_offset) {
+    auto header_size_or_error = m_tar_stream.header().size();
+    if (header_size_or_error.is_error())
+        return false;
+    auto header_size = header_size_or_error.release_value();
+
+    if (count > header_size - m_tar_stream.m_file_offset) {
        return false;
    }
    m_tar_stream.m_file_offset += count;
@ -88,7 +103,13 @@ ErrorOr<void> TarInputStream::advance()
        return Error::from_string_literal("Attempted to read a finished stream");

    m_generation++;
-    VERIFY(m_stream.discard_or_error(block_ceiling(m_header.size()) - m_file_offset));
+
+    auto header_size_or_error = m_header.size();
+    if (header_size_or_error.is_error())
+        return header_size_or_error.release_error();
+    auto header_size = header_size_or_error.release_value();
+
+    VERIFY(m_stream.discard_or_error(block_ceiling(header_size) - m_file_offset));
    m_file_offset = 0;

    if (!m_stream.read_or_error(Bytes(&m_header, sizeof(m_header)))) {
@ -116,7 +137,10 @@ bool TarInputStream::valid() const
        return false;

    // POSIX.1-1988 tar does not have magic numbers, so we also need to verify the header checksum.
-    return header().checksum() == header().expected_checksum();
+    if (header().checksum().is_error())
+        return false;
+
+    return header().checksum().release_value() == header().expected_checksum();
 }

 TarFileStream TarInputStream::file_contents()