File CVE-2025-5916.patch of Package libarchive.39859

From ef093729521fcf73fa4007d5ae77adfe4df42403 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <stoeckmann@users.noreply.github.com>
Date: Mon, 7 Apr 2025 00:24:13 +0200
Subject: [PATCH] warc: Prevent signed integer overflow (#2568)

If a warc archive claims to have more than INT64_MAX - 4 content bytes,
the inevitable failure to skip all these bytes could lead to parsing
data which should be ignored instead.

The test case contains a conversation entry with that many bytes and if
the entry is not properly skipped, the warc implementation would read
the conversation data as a new file entry.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 libarchive/archive_read_support_format_warc.c |  7 ++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

Index: libarchive-3.3.3/libarchive/archive_read_support_format_warc.c
===================================================================
--- libarchive-3.3.3.orig/libarchive/archive_read_support_format_warc.c
+++ libarchive-3.3.3/libarchive/archive_read_support_format_warc.c
@@ -363,7 +363,8 @@ start_over:
 		/* FALLTHROUGH */
 	default:
 		/* consume the content and start over */
-		_warc_skip(a);
+		if (_warc_skip(a) < 0)
+			return (ARCHIVE_FATAL);
 		goto start_over;
 	}
 	return (ARCHIVE_OK);
@@ -416,7 +417,9 @@ _warc_skip(struct archive_read *a)
 {
 	struct warc_s *w = a->format->data;
 
-	__archive_read_consume(a, w->cntlen + 4U/*\r\n\r\n separator*/);
+	if (__archive_read_consume(a, w->cntlen) < 0 ||
+	    __archive_read_consume(a, 4U/*\r\n\r\n separator*/) < 0)
+		return (ARCHIVE_FATAL);
 	w->cntlen = 0U;
 	w->cntoff = 0U;
 	return (ARCHIVE_OK);