aboutsummaryrefslogtreecommitdiff
path: root/archival/libarchive/decompress_unxz.c
diff options
context:
space:
mode:
Diffstat (limited to 'archival/libarchive/decompress_unxz.c')
-rw-r--r--archival/libarchive/decompress_unxz.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/archival/libarchive/decompress_unxz.c b/archival/libarchive/decompress_unxz.c
index f03341384..3dd9bbf49 100644
--- a/archival/libarchive/decompress_unxz.c
+++ b/archival/libarchive/decompress_unxz.c
@@ -96,6 +96,24 @@ unpack_xz_stream(transformer_state_t *xstate)
*/
do {
if (membuf[iobuf.in_pos] != 0) {
+ /* There is more data, but is it XZ data?
+ * Example: dpkg-deb -f busybox_1.30.1-4_amd64.deb
+ * reads control.tar.xz "control" file
+ * inside the ar archive, but tar.xz
+ * extraction code reaches end of xz data,
+ * reached this code and reads the beginning
+ * of data.tar.xz's ar header, which isn't xz data,
+ * and prints "corrupted data".
+ * The correct solution is to not read
+ * past nested archive (to simulate EOF).
+ * This is a workaround:
+ */
+ if (membuf[iobuf.in_pos] != 0xfd) {
+ /* It's definitely not a xz signature
+ * (which is 0xfd,"7zXZ",0x00).
+ */
+ goto end;
+ }
xz_dec_reset(state);
goto do_run;
}
@@ -128,7 +146,7 @@ unpack_xz_stream(transformer_state_t *xstate)
break;
}
}
-
+ end:
xz_dec_end(state);
free(membuf);