diff options
Diffstat (limited to 'archival/libarchive/decompress_unxz.c')
| -rw-r--r-- | archival/libarchive/decompress_unxz.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/archival/libarchive/decompress_unxz.c b/archival/libarchive/decompress_unxz.c index f03341384..3dd9bbf49 100644 --- a/archival/libarchive/decompress_unxz.c +++ b/archival/libarchive/decompress_unxz.c @@ -96,6 +96,24 @@ unpack_xz_stream(transformer_state_t *xstate) */ do { if (membuf[iobuf.in_pos] != 0) { + /* There is more data, but is it XZ data? + * Example: dpkg-deb -f busybox_1.30.1-4_amd64.deb + * reads control.tar.xz "control" file + * inside the ar archive, but tar.xz + * extraction code reaches end of xz data, + * reached this code and reads the beginning + * of data.tar.xz's ar header, which isn't xz data, + * and prints "corrupted data". + * The correct solution is to not read + * past nested archive (to simulate EOF). + * This is a workaround: + */ + if (membuf[iobuf.in_pos] != 0xfd) { + /* It's definitely not a xz signature + * (which is 0xfd,"7zXZ",0x00). + */ + goto end; + } xz_dec_reset(state); goto do_run; } @@ -128,7 +146,7 @@ unpack_xz_stream(transformer_state_t *xstate) break; } } - + end: xz_dec_end(state); free(membuf); |