File CVE-2016-10209.patch of Package libarchive.13055
commit 42a3408ac7df1e69bea9ea12b72e14f59f7400c0
Author: Martin Matuska <martin@matuska.org>
Date: Mon Dec 26 22:23:24 2016 +0100
archive_strncat_l(): allocate and do not convert if length == 0
This ensures e.g. that archive_mstring_copy_mbs_len_l() does not set
aes_set = AES_SET_MBS with aes_mbs.s == NULL.
Resolves possible null-pointer dereference reported by OSS-Fuzz.
Reported-By: OSS-Fuzz issue 286
Index: libarchive-3.1.2/libarchive/archive_string.c
===================================================================
--- libarchive-3.1.2.orig/libarchive/archive_string.c
+++ libarchive-3.1.2/libarchive/archive_string.c
@@ -1942,12 +1942,19 @@ archive_strncat_l(struct archive_string
struct archive_string_conv *sc)
{
const void *s;
- size_t length;
+ size_t length = 0;
int i, r = 0, r2;
+ if (_p != NULL && n > 0) {
+ if (sc != NULL && (sc->flag & SCONV_FROM_UTF16))
+ length = utf16nbytes(_p, n);
+ else
+ length = mbsnbytes(_p, n);
+ }
+
/* We must allocate memory even if there is no data for conversion
* or copy. This simulates archive_string_append behavior. */
- if (_p == NULL || n == 0) {
+ if (length == 0) {
int tn = 1;
if (sc != NULL && (sc->flag & SCONV_TO_UTF16))
tn = 2;
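Review bot: The new `length == 0` path returns success before any converter runs, and it now also catches a non-NULL `_p` whose first unit is a terminator (old code only short-circuited on `_p == NULL || n == 0`); that is the intended fix, but nothing in the function states the invariant callers now depend on — that `as` comes back allocated regardless of input, which is what the commit message says `archive_mstring_copy_mbs_len_l()` needs to avoid `aes_mbs.s == NULL`. A comment above the new measurement block would pin that contract: `/* Measure the input first: a NULL or empty input gives length == 0 and must still leave as->s allocated and terminated (tn bytes) so callers never record a set string with a NULL buffer. */`. It is also worth confirming that `mbsnbytes()` and `utf16nbytes()` interpret `n` in the same unit, since the hunk passes the same `n` to whichever is selected by `SCONV_FROM_UTF16`; that cannot be verified from this hunk. The rest of `archive_strncat_l()`, including the allocation the `length == 0` branch relies on, continues past this hunk.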
@@ -1963,16 +1970,11 @@ archive_strncat_l(struct archive_string
* If sc is NULL, we just make a copy.
*/
if (sc == NULL) {
- length = mbsnbytes(_p, n);
if (archive_string_append(as, _p, length) == NULL)
return (-1);/* No memory */
return (0);
}
- if (sc->flag & SCONV_FROM_UTF16)
- length = utf16nbytes(_p, n);
- else
- length = mbsnbytes(_p, n);
s = _p;
i = 0;
if (sc->nconverter > 1) {