mirror of
https://github.com/golang/go
synced 2024-11-05 11:56:12 -07:00
archive/tar: don't panic on negative file size
Fixes #10959. Fixes #10960. Change-Id: I9a81a0e2b8275338d0d1c3f7f7265e0fd91f3de2 Reviewed-on: https://go-review.googlesource.com/10402 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: David Symonds <dsymonds@golang.org>
This commit is contained in:
parent
65518032b9
commit
02f4084299
@ -463,6 +463,10 @@ func (tr *Reader) readHeader() *Header {
|
||||
hdr.Uid = int(tr.octal(s.next(8)))
|
||||
hdr.Gid = int(tr.octal(s.next(8)))
|
||||
hdr.Size = tr.octal(s.next(12))
|
||||
if hdr.Size < 0 {
|
||||
tr.err = ErrHeader
|
||||
return nil
|
||||
}
|
||||
hdr.ModTime = time.Unix(tr.octal(s.next(12)), 0)
|
||||
s.next(8) // chksum
|
||||
hdr.Typeflag = s.next(1)[0]
|
||||
|
@ -741,3 +741,19 @@ func TestUninitializedRead(t *testing.T) {
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Negative header size should not cause panic.
|
||||
// Issues 10959 and 10960.
|
||||
func TestNegativeHdrSize(t *testing.T) {
|
||||
f, err := os.Open("testdata/neg-size.tar")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer f.Close()
|
||||
r := NewReader(f)
|
||||
_, err = r.Next()
|
||||
if err != ErrHeader {
|
||||
t.Error("want ErrHeader, got", err)
|
||||
}
|
||||
io.Copy(ioutil.Discard, r)
|
||||
}
|
||||
|
BIN
src/archive/tar/testdata/neg-size.tar
vendored
Normal file
BIN
src/archive/tar/testdata/neg-size.tar
vendored
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user