undefined behaviour / signed integer overflow in archive_read_format_tar_skip() #548
Using this malformed tar file with "bsdtar -tf [input]" will cause a signed integer overflow:
Signed integer overflows are undefined in C. This can be seen by compiling libarchive with -fsanitize=undefined.
Here's the crash dump:
SUMMARY: AddressSanitizer: undefined-behavior libarchive/archive_read_support_format_tar.c:612
According to <URL: https://security-tracker.debian.org/tracker/CVE-2015-8933 > this is a security issue with ID CVE-2015-8933.
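An added example, not libarchive's code and not part of this issue, of the defensive pattern that removes this class of bug: accumulating header-supplied skip sizes with overflow-checked arithmetic instead of plain signed addition. The `skip_block` struct, `tar_skip_length()` and the sample sizes in `main()` are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of what a tar reader accumulates while skipping a
 * sparse entry: one data run plus the hole that follows it. Both sizes
 * are parsed from the archive and are therefore untrusted. */
struct skip_block {
    int64_t remaining;   /* bytes of data in this run */
    int64_t hole;        /* bytes of hole after the run */
};

/* Checked addition: reports failure instead of overflowing.
 * __builtin_add_overflow is available in GCC >= 5 and Clang. */
static bool add_checked(int64_t a, int64_t b, int64_t *out)
{
    return !__builtin_add_overflow(a, b, out);
}

/* Sum the bytes a skip would cover. Returns 0 with the total in *total,
 * or -1 when a size is negative or the running total would pass
 * INT64_MAX. A plain `sum += remaining + hole` at this point is the
 * pattern that becomes undefined behaviour on crafted input. */
int tar_skip_length(const struct skip_block *blocks, size_t n, int64_t *total)
{
    int64_t sum = 0;
    for (size_t i = 0; i < n; i++) {
        int64_t run;
        if (blocks[i].remaining < 0 || blocks[i].hole < 0)
            return -1;   /* sizes from the header must be non-negative */
        if (!add_checked(blocks[i].remaining, blocks[i].hole, &run))
            return -1;   /* remaining + hole overflowed */
        if (!add_checked(sum, run, &sum))
            return -1;   /* running total overflowed */
    }
    *total = sum;
    return 0;
}

int main(void)
{
    /* Constructed sizes: one sane list and one that a checked sum rejects. */
    struct skip_block ok[2]  = { {512, 1024}, {4096, 0} };
    struct skip_block bad[2] = { {INT64_MAX, 0}, {1, 0} };
    int64_t total = 0;
    printf("ok  -> rc=%d total=%lld\n", tar_skip_length(ok, 2, &total), (long long)total);
    printf("bad -> rc=%d\n", tar_skip_length(bad, 2, &total));
    return 0;
}
```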