forked from mirrors/tar-split
archive/tar: terminate when reading malformed sparse files
Fixes #10968. Change-Id: I027bc571a71629ac49c2a0ff101b2950af6e7531 Reviewed-on: https://go-review.googlesource.com/10482 Reviewed-by: David Symonds <dsymonds@golang.org> Run-TryBot: David Symonds <dsymonds@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
parent
576b273762
commit
55dceefe42
3 changed files with 22 additions and 0 deletions
|
@ -899,6 +899,9 @@ func (sfr *sparseFileReader) Read(b []byte) (n int, err error) {
|
||||||
// Otherwise, we're at the end of the file
|
// Otherwise, we're at the end of the file
|
||||||
return 0, io.EOF
|
return 0, io.EOF
|
||||||
}
|
}
|
||||||
|
if sfr.tot < sfr.sp[0].offset {
|
||||||
|
return 0, io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
if sfr.pos < sfr.sp[0].offset {
|
if sfr.pos < sfr.sp[0].offset {
|
||||||
// We're in a hole
|
// We're in a hole
|
||||||
n = sfr.readHole(b, sfr.sp[0].offset)
|
n = sfr.readHole(b, sfr.sp[0].offset)
|
||||||
|
|
|
@ -757,3 +757,22 @@ func TestNegativeHdrSize(t *testing.T) {
|
||||||
}
|
}
|
||||||
io.Copy(ioutil.Discard, r)
|
io.Copy(ioutil.Discard, r)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This used to hang in (*sparseFileReader).readHole due to missing
|
||||||
|
// verification of sparse offsets against file size.
|
||||||
|
func TestIssue10968(t *testing.T) {
|
||||||
|
f, err := os.Open("testdata/issue10968.tar")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
r := NewReader(f)
|
||||||
|
_, err = r.Next()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
_, err = io.Copy(ioutil.Discard, r)
|
||||||
|
if err != io.ErrUnexpectedEOF {
|
||||||
|
t.Fatalf("expected %q, got %q", io.ErrUnexpectedEOF, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
BIN
archive/tar/testdata/issue10968.tar
vendored
Normal file
BIN
archive/tar/testdata/issue10968.tar
vendored
Normal file
Binary file not shown.
Loading…
Reference in a new issue