From 9599d193b84e85bcc0d7015948ed827eb06f1fd1 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 11 Sep 2023 01:17:02 -0500
Subject: [PATCH 1/2] quote unknown header keywords in diagnostics

* src/xheader.c (decx): Quote unknown header in warning, as it may
contain control characters.  Problem reported by Wicher Minnaard.
---
 NEWS          | 4 +++-
 THANKS        | 1 +
 src/xheader.c | 4 ++--
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index 4a8754cf..4b8094e5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-GNU tar NEWS - User visible changes. 2023-08-21
+GNU tar NEWS - User visible changes. 2023-09-10
 Please send GNU tar bug reports to <bug-tar@gnu.org>
 
 version TBD
@@ -31,6 +31,8 @@ used, command output will be parsed using strptime(3).
 
 ** tar no longer uses alloca, fixing an unlikely stack overflow.
 
+** When diagnosing invalid extended headers tar now quotes control characters.
+
 
 version 1.35 - Sergey Poznyakoff, 2023-07-18
 
diff --git a/THANKS b/THANKS
index aee0a924..b51f1694 100644
--- a/THANKS
+++ b/THANKS
@@ -535,6 +535,7 @@ Warner Losh		imp@boulder.parcplace.com
 Warren Dodge		warrend@sptekwv3.wv.tek.com
 Wayne Christopher	wayne@icemcfd.com
 Werner Almesberger	werner.almesberger@lrc.di.epfl.ch
+Wichar Minnaard		wicher@gavagai.nl
 William Bader		william@nscs.fast.net
 William J. Eaton	wje@hoffman.rstnu.bcm.tmc.edu
 William Kucharski	kucharsk@netcom.com
diff --git a/src/xheader.c b/src/xheader.c
index 1347ce18..c82222ed 100644
--- a/src/xheader.c
+++ b/src/xheader.c
@@ -692,8 +692,8 @@ decx (void *data, char const *keyword, char const *value, size_t size)
     t->decoder (st, keyword, value, size);
   else
     WARNOPT (WARN_UNKNOWN_KEYWORD,
-	     (0, 0, _("Ignoring unknown extended header keyword '%s'"),
-	      keyword));
+	     (0, 0, _("Ignoring unknown extended header keyword %s"),
+	      quotearg_style (shell_escape_always_quoting_style, keyword)));
 }
 
 void

From 78d4ccd75531ac61552a6aa97c6df7238b16cbd3 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 11 Sep 2023 01:17:02 -0500
Subject: [PATCH 2/2] Fix pointer bug in drop_volume_label_suffix

Problem reported by Marc Espie in:
https://lists.gnu.org/r/bug-tar/2023-09/msg00003.html
* src/buffer.c (drop_volume_label_suffix):
Redo to not compute a pointer before the start of a buffer,
as this is not portable.
---
 THANKS       |  1 +
 src/buffer.c | 32 ++++++++++----------------------
 src/common.h |  3 ++-
 3 files changed, 13 insertions(+), 23 deletions(-)

diff --git a/THANKS b/THANKS
index b51f1694..fb8634e1 100644
--- a/THANKS
+++ b/THANKS
@@ -327,6 +327,7 @@ Mads Martin Joergensen	mmj@suse.de
 Manfred Weichel		Manfred.Weichel@mch.sni.de
 Manuel Munier		Manuel.Munier@loria.fr
 Marc Boucher		marc@cam.org
+Marc Espie		marc.espie.openbsd@gmail.com
 Marc Ewing		marc@redhat.com
 Marcin Matuszewski	marcin@frodo.nask.org.pl
 Marcus Daniels		marcus@sysc.pdx.edu
diff --git a/src/buffer.c b/src/buffer.c
index 8a575f9a..7f353fa4 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1565,33 +1565,21 @@ try_new_volume (void)
 }
 
 
-#define VOLUME_TEXT " Volume "
-#define VOLUME_TEXT_LEN (sizeof VOLUME_TEXT - 1)
-
 char *
 drop_volume_label_suffix (const char *label)
 {
-  const char *p;
-  size_t len = strlen (label);
-
-  if (len < 1)
-    return NULL;
+  static char const VOLUME_TEXT[] = " Volume ";
+  idx_t VOLUME_TEXT_LEN = sizeof VOLUME_TEXT - 1;
+  idx_t prefix_len = 0;
 
-  for (p = label + len - 1; p > label && isdigit ((unsigned char) *p); p--)
-    ;
-  if (p > label && p - (VOLUME_TEXT_LEN - 1) > label)
-    {
-      p -= VOLUME_TEXT_LEN - 1;
-      if (memcmp (p, VOLUME_TEXT, VOLUME_TEXT_LEN) == 0)
-	{
-	  char *s = xmalloc ((len = p - label) + 1);
-	  memcpy (s, label, len);
-	  s[len] = 0;
-	  return s;
-	}
-    }
+  for (idx_t i = 0; label[i]; i++)
+    if (!isdigit ((unsigned char) label[i]))
+      prefix_len = i + 1;
 
-  return NULL;
+  ptrdiff_t len = prefix_len - VOLUME_TEXT_LEN;
+  return (0 <= len && memcmp (label + len, VOLUME_TEXT, VOLUME_TEXT_LEN) == 0
+	  ? ximemdup0 (label, len)
+	  : NULL);
 }
 
 /* Check LABEL against the volume label, seen as a globbing
diff --git a/src/common.h b/src/common.h
index 89912567..55576ef3 100644
--- a/src/common.h
+++ b/src/common.h
@@ -460,7 +460,8 @@ extern uintmax_t continued_file_size;
 extern uintmax_t continued_file_offset;
 extern off_t records_written;
 
-char *drop_volume_label_suffix (const char *label);
+char *drop_volume_label_suffix (const char *label)
+  _GL_ATTRIBUTE_MALLOC _GL_ATTRIBUTE_DEALLOC_FREE;
 
 size_t available_space_after (union block *pointer);
 off_t current_block_ordinal (void);