forked from mirrors/tar-split
archive/tar: don't panic on negative file size
Fixes #10959. Fixes #10960. Change-Id: I9a81a0e2b8275338d0d1c3f7f7265e0fd91f3de2 Reviewed-on: https://go-review.googlesource.com/10402 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: David Symonds <dsymonds@golang.org> Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
parent
6e38573de2
commit
576b273762
3 changed files with 20 additions and 0 deletions
|
@ -553,6 +553,10 @@ func (tr *Reader) readHeader() *Header {
|
|||
hdr.Uid = int(tr.octal(s.next(8)))
|
||||
hdr.Gid = int(tr.octal(s.next(8)))
|
||||
hdr.Size = tr.octal(s.next(12))
|
||||
if hdr.Size < 0 {
|
||||
tr.err = ErrHeader
|
||||
return nil
|
||||
}
|
||||
hdr.ModTime = time.Unix(tr.octal(s.next(12)), 0)
|
||||
s.next(8) // chksum
|
||||
hdr.Typeflag = s.next(1)[0]
|
||||
|
|
|
@ -741,3 +741,19 @@ func TestUninitializedRead(t *testing.T) {
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
// Negative header size should not cause panic.
|
||||
// Issues 10959 and 10960.
|
||||
func TestNegativeHdrSize(t *testing.T) {
|
||||
f, err := os.Open("testdata/neg-size.tar")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer f.Close()
|
||||
r := NewReader(f)
|
||||
_, err = r.Next()
|
||||
if err != ErrHeader {
|
||||
t.Error("want ErrHeader, got", err)
|
||||
}
|
||||
io.Copy(ioutil.Discard, r)
|
||||
}
|
||||
|
|
BIN
archive/tar/testdata/neg-size.tar
vendored
Normal file
BIN
archive/tar/testdata/neg-size.tar
vendored
Normal file
Binary file not shown.
Loading…
Reference in a new issue