archive/tar: add missing error checks to Reader.Next

A recursive call to Reader.Next did not check the error before
trying to use the result, leading to a nil pointer panic.
This specific CL addresses the immediate issue, which is the panic,
but does not solve the root issue, which is due to an integer
overflow in the base-256 parser.

Updates #12435

Change-Id: Ia908671f0f411a409a35e24f2ebf740d46734072
Reviewed-on: https://go-review.googlesource.com/15437
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

src/archive/tar/reader.go

@@ -165,18 +165,24 @@ func (tr *Reader) Next() (*Header, error) {
 		if err != nil {
 			return nil, err
 		}
-		hdr, err := tr.Next()
+		hdr, tr.err = tr.Next()
+		if tr.err != nil {
+			return nil, tr.err
+		}
 		hdr.Name = cString(realname)
-		return hdr, err
+		return hdr, nil
 	case TypeGNULongLink:
 		// We have a GNU long link header.
 		realname, err := ioutil.ReadAll(tr)
 		if err != nil {
 			return nil, err
 		}
-		hdr, err := tr.Next()
+		hdr, tr.err = tr.Next()
+		if tr.err != nil {
+			return nil, tr.err
+		}
 		hdr.Linkname = cString(realname)
-		return hdr, err
+		return hdr, nil
 	}
 	return hdr, tr.err
 }

src/archive/tar/reader_test.go

@@ -300,6 +300,14 @@ var untarTests = []*untarTest{
 		file: "testdata/issue11169.tar",
 		// TODO(dsnet): Currently the library does not detect that this file is
 		// malformed. Instead it incorrectly believes that file just ends.
+		// At least the library doesn't crash anymore.
+		// err:  ErrHeader,
+	},
+	{
+		file: "testdata/issue12435.tar",
+		// TODO(dsnet): Currently the library does not detect that this file is
+		// malformed. Instead, it incorrectly believes that file just ends.
+		// At least the library doesn't crash anymore.
 		// err:  ErrHeader,
 	},
 }