Description
Using this malformed tar file with "bsdtar -tf [input]" will cause a signed integer overflow:
https://crashes.fuzzing-project.org/libarchive-undefined-signed-overflow.tar
Signed integer overflow is undefined behavior in C. The overflow can be observed by compiling libarchive with -fsanitize=undefined.
Here's the crash dump:
\307q\005\bo\002\244\201\350\003\350\003libarchive/archive_read_support_format_tar.c:612:10: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
#0 0x96c665 in archive_read_format_tar_skip /f/libarchive/libarchive/libarchive/archive_read_support_format_tar.c:612:2
#1 0x607044 in archive_read_data_skip /f/libarchive/libarchive/libarchive/archive_read.c:914:8
#2 0x515a49 in read_archive /f/libarchive/libarchive/tar/read.c:327:8
#3 0x510dbb in tar_mode_t /f/libarchive/libarchive/tar/read.c:96:2
#4 0x4feddc in main /f/libarchive/libarchive/tar/bsdtar.c:799:3
#5 0x7f183d686f9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
#6 0x442206 in _start (/f/libarchive/libarchive/bsdtar+0x442206)
SUMMARY: AddressSanitizer: undefined-behavior libarchive/archive_read_support_format_tar.c:612
bsdtar: (null)
bsdtar: Error exit delayed from previous errors.
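An added example (not libarchive's code) showing how an int64_t addition like the one the sanitizer flags at line 612 can be guarded before it happens; the skip-length computation, its field names and the sample values are assumptions modelled on the report.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper (not libarchive's code): add two int64_t values and
 * report overflow instead of performing the undefined addition.
 * Returns true and stores the sum in *out on success, false on overflow. */
bool checked_add_i64(int64_t a, int64_t b, int64_t *out)
{
    /* Both operands are checked before adding, so no out-of-range
     * intermediate value is ever computed. */
    if ((b > 0 && a > INT64_MAX - b) ||
        (b < 0 && a < INT64_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Hypothetical skip-length computation modelled on the crash: an entry's
 * remaining data plus its padding, both taken from an untrusted header.
 * Returns -1 when either field is negative or when the sum would overflow,
 * so the caller can reject the archive instead of skipping a bogus length. */
int64_t tar_skip_length(int64_t bytes_remaining, int64_t padding)
{
    int64_t total;
    if (bytes_remaining < 0 || padding < 0)
        return -1;
    if (!checked_add_i64(bytes_remaining, padding, &total))
        return -1;
    return total;
}

int main(void)
{
    /* Constructed values: a normal entry, and the exact operands from the
     * sanitizer message (9223372036854775807 + 1). */
    printf("normal:  %lld\n", (long long)tar_skip_length(1000, 24));
    printf("hostile: %lld\n", (long long)tar_skip_length(INT64_MAX, 1));
    return 0;
}
```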