From c31a08f64d5475900060540bea0d534466f88f6e Mon Sep 17 00:00:00 2001 From: Martin Matuska Date: Mon, 17 Jun 2019 11:29:32 +0000 Subject: [PATCH] Update vendor/libarchive/dist to git 809f0dc32fff7434aef45a7c688fa285c7208af7 Relevant vendor changes: PR #1212: RAR5 reader - window_mask was not updated correctly (OSS-Fuzz 15278) OSS-Fuzz 15120: RAR reader - extend use after free bugfix Add HAVE_UNLINKAT to config_freebsd.h --- Makefile.am | 2 + libarchive/archive_read_support_format_rar.c | 1 + libarchive/archive_read_support_format_rar5.c | 17 +- libarchive/config_freebsd.h | 1 + libarchive/test/test_read_format_rar.c | 29 + libarchive/test/test_read_format_rar5.c | 21 + ...d_format_rar5_different_window_size.rar.uu | 675 ++++++++++++++++++ ...ead_format_rar_ppmd_use_after_free2.rar.uu | 10 + 8 files changed, 750 insertions(+), 6 deletions(-) create mode 100644 libarchive/test/test_read_format_rar5_different_window_size.rar.uu create mode 100644 libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu diff --git a/Makefile.am b/Makefile.am index da78b24acb51..76703e4fe1b4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -826,6 +826,7 @@ libarchive_test_EXTRA_DIST=\ libarchive/test/test_read_format_rar_noeof.rar.uu \ libarchive/test/test_read_format_rar_ppmd_lzss_conversion.rar.uu \ libarchive/test/test_read_format_rar_ppmd_use_after_free.rar.uu \ + libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu \ libarchive/test/test_read_format_rar_sfx.exe.uu \ libarchive/test/test_read_format_rar_subblock.rar.uu \ libarchive/test/test_read_format_rar_unicode.rar.uu \ @@ -833,6 +834,7 @@ libarchive_test_EXTRA_DIST=\ libarchive/test/test_read_format_rar5_arm.rar.uu \ libarchive/test/test_read_format_rar5_blake2.rar.uu \ libarchive/test/test_read_format_rar5_compressed.rar.uu \ + libarchive/test/test_read_format_rar5_different_window_size.rar.uu \ libarchive/test/test_read_format_rar5_distance_overflow.rar.uu \ libarchive/test/test_read_format_rar5_extra_field_version.rar.uu \ libarchive/test/test_read_format_rar5_fileattr.rar.uu \ diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c index 49360876c2ac..41e5a3cadd90 100644 --- a/libarchive/archive_read_support_format_rar.c +++ b/libarchive/archive_read_support_format_rar.c @@ -1027,6 +1027,7 @@ archive_read_format_rar_read_data(struct archive_read *a, const void **buff, if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) { __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); rar->start_new_table = 1; + rar->ppmd_valid = 0; } break; diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c index 7c24627b186c..95579e15cf05 100644 --- a/libarchive/archive_read_support_format_rar5.c +++ b/libarchive/archive_read_support_format_rar5.c @@ -1125,6 +1125,13 @@ static void init_header(struct archive_read* a) { a->archive.archive_format_name = "RAR5"; } +static void init_window_mask(struct rar5* rar) { + if (rar->cstate.window_size) + rar->cstate.window_mask = rar->cstate.window_size - 1; + else + rar->cstate.window_mask = 0; +} + enum HEADER_FLAGS { HFL_EXTRA_DATA = 0x0001, HFL_DATA = 0x0002, @@ -1672,6 +1679,7 @@ static int process_head_file(struct archive_read* a, struct rar5* rar, /* Values up to 64M should fit into ssize_t on every * architecture. */ rar->cstate.window_size = (ssize_t) window_size; + init_window_mask(rar); rar->file.solid = (compression_info & SOLID) > 0; rar->file.service = 0; @@ -2235,10 +2243,7 @@ static int rar5_read_header(struct archive_read *a, static void init_unpack(struct rar5* rar) { rar->file.calculated_crc32 = 0; - if (rar->cstate.window_size) - rar->cstate.window_mask = rar->cstate.window_size - 1; - else - rar->cstate.window_mask = 0; + init_window_mask(rar); free(rar->cstate.window_buf); free(rar->cstate.filtered_buf); @@ -2851,7 +2856,7 @@ static int do_uncompress_block(struct archive_read* a, const uint8_t* p) { * - Values lower than 256 are just bytes. Those codes * can be stored in the output buffer directly. * - * - Code 256 defines a new filter, which is later used to + * - Code 256 defines a new filter, which is later used to * ransform the data block accordingly to the filter type. * The data block needs to be fully uncompressed first. * @@ -3906,7 +3911,7 @@ static int rar5_read_data_skip(struct archive_read *a) { /* Turn off "skip mode". */ rar->skip_mode--; - if(ret < 0) { + if(ret < 0 || ret == ARCHIVE_EOF) { /* Propagate any potential error conditions * to the caller. */ return ret; diff --git a/libarchive/config_freebsd.h b/libarchive/config_freebsd.h index be25258f9465..f16fd3495ed5 100644 --- a/libarchive/config_freebsd.h +++ b/libarchive/config_freebsd.h @@ -210,6 +210,7 @@ #define HAVE_TZSET 1 #define HAVE_UINTMAX_T 1 #define HAVE_UNISTD_H 1 +#define HAVE_UNLINKAT 1 #define HAVE_UNSETENV 1 #define HAVE_UNSIGNED_LONG_LONG 1 #define HAVE_UNSIGNED_LONG_LONG_INT 1 diff --git a/libarchive/test/test_read_format_rar.c b/libarchive/test/test_read_format_rar.c index f08b06bc69a3..1425eb9a4570 100644 --- a/libarchive/test/test_read_format_rar.c +++ b/libarchive/test/test_read_format_rar.c @@ -3776,6 +3776,35 @@ DEFINE_TEST(test_read_format_rar_ppmd_use_after_free) assertA(ARCHIVE_OK == archive_read_next_header(a, &ae)); assertA(archive_read_data(a, buf, sizeof(buf)) <= 0); + /* Test EOF */ + assertA(1 == archive_read_next_header(a, &ae)); + + assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); + assertEqualInt(ARCHIVE_OK, archive_read_free(a)); +} + +DEFINE_TEST(test_read_format_rar_ppmd_use_after_free2) +{ + uint8_t buf[16]; + const char* reffile = "test_read_format_rar_ppmd_use_after_free2.rar"; + + struct archive_entry *ae; + struct archive *a; + + extract_reference_file(reffile); + assert((a = archive_read_new()) != NULL); + assertA(0 == archive_read_support_filter_all(a)); + assertA(0 == archive_read_support_format_all(a)); + assertA(0 == archive_read_open_filename(a, reffile, 10240)); + + assertA(ARCHIVE_OK == archive_read_next_header(a, &ae)); + assertA(archive_read_data(a, buf, sizeof(buf)) <= 0); + assertA(ARCHIVE_OK == archive_read_next_header(a, &ae)); + assertA(archive_read_data(a, buf, sizeof(buf)) <= 0); + + /* Test EOF */ + assertA(1 == archive_read_next_header(a, &ae)); + assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); assertEqualInt(ARCHIVE_OK, archive_read_free(a)); } diff --git a/libarchive/test/test_read_format_rar5.c b/libarchive/test/test_read_format_rar5.c index 1408f37c49dc..2a55e2015510 100644 --- a/libarchive/test/test_read_format_rar5.c +++ b/libarchive/test/test_read_format_rar5.c @@ -1194,3 +1194,24 @@ DEFINE_TEST(test_read_format_rar5_fileattr) EPILOGUE(); } + +DEFINE_TEST(test_read_format_rar5_different_window_size) +{ + char buf[4096]; + PROLOGUE("test_read_format_rar5_different_window_size.rar"); + + /* Return codes of those calls are ignored, because this sample file + * is invalid. However, the unpacker shouldn't produce any SIGSEGV + * errors during processing. */ + + (void) archive_read_next_header(a, &ae); + while(0 != archive_read_data(a, buf, sizeof(buf))) {} + + (void) archive_read_next_header(a, &ae); + while(0 != archive_read_data(a, buf, sizeof(buf))) {} + + (void) archive_read_next_header(a, &ae); + while(0 != archive_read_data(a, buf, sizeof(buf))) {} + + EPILOGUE(); +} diff --git a/libarchive/test/test_read_format_rar5_different_window_size.rar.uu b/libarchive/test/test_read_format_rar5_different_window_size.rar.uu new file mode 100644 index 000000000000..bb4c4a60415e --- /dev/null +++ b/libarchive/test/test_read_format_rar5_different_window_size.rar.uu @@ -0,0 +1,675 @@ +begin 600 test_read_format_rar5_different_window_size.rar +M4F%R(1H'`0"-[P+2``'#M#P\7P$'`0"-[P+2``7#`/KZ^OKZA5N8F)B8F)@` +MF`*8T@7"F!=A_________P$$_____________________R%285(A&@?_____ +M_________________V@`[E##M#P\7P$'`0"-[P+2``7"87)26`!W=%)A\"T@`"QP\)`'(A&@\"T@`" +MQP\`"7(AFC`!&B/2+0`"*"%285(A&@<8`0"-[P+2``7#10!A4B$:!Q@!`#)S +M-/_______U)A\"T@`"!QS1T='1T='1T='6T='1T='1T='1T='1 +MT='1T='1T='1T='1T=&UQX`.`"'X"/\E``*H'#`"`/+__TO__O_G*_____\` +M`"\O``#_02+M____`-X`_["&AFVQJ@,#45TW,?;V]@$``/____\3]O;V]O;_ +M_S\``/]!(.VG+R\``/]!(.T)__^PWOS_```O+S$``/8@[;L````````````` +M-3XR9%Q<7%Q<7%Q<7%Q<7%QZ7%PJ7%Q<7"]<7%Q<7%Q<7%Q<7%Q<7%Q<7%Q< +M7#)<7#9<,F1I9V5R=#4V,61I870]+@HN"G0@9&5V270@9&1I9V5S7%Q<7'=E +M9"XR9&EG97)T-38R9&EA=#TN"BX*="!D979)="!D9&EG97-T/2X*+@HN"@HF +M+BX**%)A\"T@`"!QS1T='1T='1T='6T='1T='1T='1T='1T='1 +MT='1T='1T='1T=&UQX`.`"'X"/\E``*H'#`"`/+__TO__O_G*_____\``"\O +M``#_02+M____`-X`_["&AFVQJ@,#45TW,?;V]@$````````3]O;V]O;__S\` +M`/]!(.VG+R\``/]!(.T)__^PWOS_```O+P```/8@[;L`````````````-38R +M9%Q<7%Q<7%Q<7%Q<7%QZ7%PJ7%Q<7"]<7%Q<7%Q<7%Q<7%Q<7%Q<7%Q<7#)< +M7#9<,F1I9V5R=#4V,61I870]+@HN"G0@9&5V270@9&1I9V5S7%Q<7'=E9"XR +M9&EG97)T-38R9&EA=#TN"BX*="!D979)="!D9&EG97-T/2X*+@HN"@HF+E)A +M\"T@`"PP<KJZNKJZNKJZNKJZNKJZNKJ +MZNKJZNKJZNKJZNKJZNKJZNKJZNKJZNKJZNKJZNK#P\/#P\/#P\/#R\-MP\/# +MP\/#P\/#P\/#P\/#P\/#`\"T@`#QP\`"2$:TB,M``(H(5)A4B$:!Q@!`(WO`M(`!0`````````````` +M`````````0``````_____P#_965E965E965E965E965E965E8'-T/2X*+@HN +M"C(P-S`W,&EA='EAEQ<*EQ<7%PO7%Q<7%Q<7%Q<7%Q<7%Q<7%Q<7%PR7%PV7#!D:6=E +M\"T@`%PP`:!P`$9P`` +M````````[P+2``+'#P`)`"X),AP`_0$`%___"0`N"3(<`/T!`!?__Q%287(A +M_Q%287(A&H\Q`"@HW,@```/V-[P+2 +M``+'`"X),1P`_0$`%___$5)A<@$`C>\"T@`%PP`:!P`$9P``````````[P+2 +M``+'#P`)`"X),AP`_0$`%___$5)A\"T@`#QP\`"2$:TB,M``DA +M&M(C+0`"*"%285(A&@<8`0"-[P+2``7#`!H'`/R8__]E965E965E965E965E +M965E965@6%R(0HN"@HF+B8N"B@*+@HN"BY0 +M7B]A,C5I-F1G97-T/2X*+@HN"@HF+BX*"@HF+BX**`HN"BX*+E!<-3,R-C)D +M+W-.="`@6W-T/3TN"BX*+@H*)BXN"B@*+@HN"BY07#4S,C8A(2$A(2$A(2$A +M(2$A(2$A(2$A(2$A(2$A(2$A(2$A(2$A(2$A(2$A(2$A(2$A(2$A(2$A(2$A +M(2$A(2$A(2$A(2$A(2$A(2$A+@H*)BXN+EPV7#)D:6=E\"T@`%```` +M```````````````````!``````#_____```O+P``_T$@[?___[#>`/\`AH:Q +M;?;V]@.J_O;_S_\`Q+[?$?;?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?___?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_? +MW]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W]_?W_^[XP## +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M``````````````````````````````````````````````````#_________ +M__________________________________________\````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M`````````````````````````"`````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M`````````````````````````````````````````````````+8````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M``````````````````````````````````````````````````!287(A&@\"T@`%PF%R4E@`=W1287(A&@EFZ>45J>E"(8*1QP&#AP1O__`````!X````````````` +MNKJZNKJZN@'U``"R____`````!X```"````````````````````````````` +M`"Q!`````````"T`%0``:#H`6@$M\"T@`"PP<< +MP@2```#_;24``F<<`0(`#@```0!02P@#`"8F)@!`___/0T+_____\?__K2-T +M='3_______[______R9"____,3,U__\3$Q,3$Q,3$Q,3$Q,3$Q,3$Q,3$Q,3 +M$Q,3$Q,3$Q,3$Q,3$Q,3$Q,3$R8J8BQB`/______0D)"0D)"0D)"0D)"0D)" +M0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D+;V]O;V]O;V]O;V]O;-C8V +M-C8V&4PA`C8V-C8V-C8V-C8V-C8V&4PA`C8V-C8V-C8V-C8V-C8H*"@H*"@H +M*"@H*"@H(1H'`0"-[P(H*"@H*"@V-C8V-C8V-C8V-I8V-C8V-C8V-MO;VP`` +M````````````````````````````V]O;V]L`VP````#;V]L`VR@H*"@H*#8V +M-C8V-C8V-C8VEC8V-C8V-C8VV]O;``````````````````````````````#; +MV]O;VP#;`````-O;VP#;``````````````````````!"0D)"0D)"0D)S0D)" +M0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0EU=75)A4B$:!V%R0D)"0D)"0D)" +M0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0MO;V]O;V]O; +MV]O;V]LV-C8V-C893"$"-C8V-C8V-C8V-C8V-C893"$"-C8V-C8V-C8V-C8V +M-B@H*"@H*"@H*"@H*"@A&@\" +M*"@H*"@H-C8V-C8V-C8V-C:6-C8V-C8V-C;;V]L````````````````````` +M`````````-O;V]O;`-L`````V]O;`-L``````````````````````$)"0D)" +M0D)"0G-"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"75U=4F%2(1H'87)" +M0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)" +MV]O;V]O;V]O;V]O;VS8V-C8V-AE,(0(V-C8V-C8V-C8V-C8V-AE,(0(V-C8V +M-C8V-C8V-C8V*"@H*"@H*"@H*"@H*"$:!P$`C>\"*"@H*"@H-C8V-C8V-C8V +M-C:6-C8V-C8V-C;;V]L``````````````````````````````-O;V]O;`-L` +M````V]O;`-LH*"@H*"@V-C8V-C8V-C8V-I8V-C8V-C8V-MO;VP`````````` +M````````````````````V]O;V]L`VP````#;V]L`VP`````````````````` +M````0D)"0D)"0D)"\"T@`%PT4```!&%<\"T@`%PF%R4E@`=W1287(A&@7EY0H```#EY>7EY>7EY>7EY>7EY>7EY>7EY>7E +MY>7EY>7EY>5W=V%R(2\O+R`N"@H*75U=75U9R,C(R,C(R,C(R,C(R"<.`'\` +M``I=70!=!UU=7=D`Y>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7E +MY>7EY>7EY>7EY>7EY>7EY>7EY4$X.#@X]C@X+3@X.#@X.#@X.#@X.#@X.#@X +M.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#AR.#@X.#@X.#@X.#@X.#@X.#@X +M.#@X./DX.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X\"T@`%P_J%6YB8F)B8F`"8`IC2!<*8%V'_ +M________`03_____________________(5)A4B$:!___________________ +M____:`#N4,.T/#Q?`0\"T@`" +MQP\)`'(A&@\"T@`"QP\`"7(AFC`! +M&B/2+0`"*"%285(A&@<8`0"-[P+2``7#15\!!P$`C>\"T@`%PF%R4E@`=W12 +M87(A&@\"T@`%PP```$85!<)A +M\"T@`%PT4```!&%<\"T@`%PF%R4E@` +M=W1287(A&@`````````````+JZNKJZNKH!]0``LO___P`````>```` +M@``````````````````````````````L00`````````M`!4``&@Z`%H!+7-L +M-S8`R!$`````````XJ$`8VDP`#(`93$``/_______________P`````````` +M``H*"@H```!=75U=75U=75U=75U=75T````````````````````````````` +M``````!287(A&@7E"@```.7EY>7EY>7EY>7EY>7EY>7EY>7E +MY>7EY>7EY>7EY7=W87(A+R\O("X*"@I=75U=75G(R,C(R,C(R,C(R,C()PX` +M?P``"EU=`%T'75U=V0#EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7E +MY>7EY>7EY>7EY>7EY>7EY>7EY>7E03@X.#CV.#@M.#@X.#@X.#@X.#@X.#@X +M.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.'(X.#@X.#@X.#@X.#@X.#@X +M.#@X.#@X^3@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#AR.#@X=_[_________ +M&4PA`C8V-C8V-C8V-C8V-C8R&4PA`C8V-C8V-C8V-C8V-C8V-C8V-C8V"#8V +M-C:6-C8V-C8V-C;;V]O;V]O;V__;V]O;V]O;V]O;V]O;V]O;VS8V-C8V-C8V +M-C8V-C8V-@@V-C8VEC8V-C8V-C8VV]O;V]O;V]O;V]O;V]O;V]O;V]O;V]O; +MV]LV-C8V-C;;V]O;V]O;V]O;VUU=75U=75U=75U=75U=75U=75U=V]O;V]O; +MV]LV-C8V-C8V&4PA`C8V-C8V-C8V-MO;V]O;V]O;V]O;V]O;V]O;V]O;V]O; +MV]O;-C8V-C8V-AE,(0(V-C8V-C8V-C8V-C8V-AE,(0(V-C8V-C8V-C8V-C8V +M-C8V-C8V-C8V-C:6-C8V-C8V-C;;V]O;V]O;V]O;V]O;V]O;V]O;V]O;V]O; +MV]O;V]O;V]O;V]O;V]O;V]O;V]O;V]M"0D)"```````````````````````` +M``````````````````````````````````````````````````!"0D)"0D)" +M0D)S0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0EU=75)A4B$:!V%R0D)" +M0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0MO; +MV]O;V]O;V]O;V]LV-C8V-C893"$"-C8V-C8V-C8V-C8V-C893"$"-C8V-C8V +M-C8V-C8V-B@H*"@H*"@H*"@H*"@A&@\"*"@H*"@H-C8V-C8V-C8V-C:6-C8V-C8V +M-C;;V]L``````````````````````````````-O;V]O;`-L`````V]O;`-O_ +M____________________________________________________________ +M_____________________R8@)B8?)B8F)B8F)B8F)B8F)R8F```````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M`````````````````````````````````/8``)0X.#@X73@X..7EY>4*```` +MY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7E=W=A7EY>7EY>7E +MY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>5!.#@X +M./8X."TX.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X +M.#@X\"*"@H*"@H-C8V-C8V-C8V-C:6-C8V-C8V-C;;V]L````````````````` +M`````````````-O;V]O;`-L`````V]O;`-L``````````````````````$)" +M0D)"0D)"0G-"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"75U=4F%2(1H' +M87)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)" +M0D)"V]O;V]O;V]O;V]O;VS8V-C8V-AE,(0(V-C8V-C8V-C8V-C8V-AE,(0(V +M-C8V-C8V-C8V-C8V*"@H*"@H*"@H*"@H*"$:!P$`C>\"*"@H*"@H-C8V-C8V +M-C8V-C:6-C8V-C8V-C;;V]L``````````````````````````````-O;V]O; +M`-L`````V]O;`-LH*"@H*"@V-C8V-C8V-C8V-I8V-C8V-C8V-MO;VP`````` +M````````````````````````V]O;V]L`VP````#;V]L`VP`````````````` +M````````0D)"0D)"0D)"\"*"@H*"@H-C8V-C8V-C8V-C:6-C8V-C8V-C;;V]L````` +M`````````````````````````-O;V]O;`-L`````V]O;`-L"-C8V-C8V-C8V +M-C8V-B@H*"@H*"@H*"@H*"@A&@\"*"@H*"@H-C8V-C8V-C8V-C:6-C8V-C8V-C;; +MV]L``````````````````````````````-O;V]O;`-L`````V]O;`-O_____ +M____________________________________________________________ +M_________________R8@)B8?)B8F)B8F)B8F)B8F)R8F```````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M`````````````````````````````/8``)0X.#@X73@X..7EY>4*````Y>7E +MY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7E=W=A7EY>7EY>7EY>7E +MY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>7EY>5!.#@X./8X +M."TX.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X.#@X +M\" +M*"@H*"@H-C8V-C8V-C8V-C:6-C8V-C8V-C;;V]L````````````````````` +M`````````-O;V]O;`-L`````V]O;`-L``````````````````````$)"0D)" +M0D)"0G-"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"75U=4F%2(1H'87)" +M0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)"0D)" +MV]O;V]O;V]O;V]O;VS8V-C8V-AE,(0(V-C8V-C8V-C8V-C8V-AE,(0(V-C8V +M-C8V-C8V-C8V*"@H*"@H*"@H*"@H*"$:!P$`C>\"*"@H*"@H-C8V-C8V-C8V +M-C:6-C8V-C8V-C;;V]L``````````````````````````````-O;V]O;`-L` +M````V]O;`-LH*"@H*"@V-C8V-C8V-C8V-I8V-C8V-C8V-MO;VP`````````` +M````````````````````V]O;V]L`VP````#;V]L`VP`````````````````` +M````0D)"0D)"0D)"\"*"@H*"@H-C8V-C8V-C8V-C:6-C8V-C8V-C;;V]L````````` +@`````````````````````-O;V]O;`-L`````V]O;`-L` +` +end diff --git a/libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu b/libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu new file mode 100644 index 000000000000..03c2eadfa4f3 --- /dev/null +++ b/libarchive/test/test_read_format_rar_ppmd_use_after_free2.rar.uu @@ -0,0 +1,10 @@ +begin 664 test_read_format_rar_ppmd_use_after_free2.rar +M4F%R(1H'``1G=$Q24`!W````>U!+`P0Q`'#_J7\`+@TU'`#]`0`7__]"0D)" +M+W5N)B8F)F=I9`UD#1T+``!"`````````&%R(1H'``3_________`F@`H2`` +M``"`P\/#2\/#P\/#P\/#P\-3PP"`P\/#PYZ>AYZ>GI[#4\,`@,/#`L,@(""= +M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@(/______ +M__\@("`@("`@("`@("`@("`@("`@("`@("`$9W1,4E``=P```'M02P,$,0!P +M_ZE_`"X--1P`_0$`%___0D)"0B]U;B8F)B9G:60-9`T="P``0@````````!A +0