File CVE-2025-5916.patch of Package libarchive.41018

From ef093729521fcf73fa4007d5ae77adfe4df42403 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <stoeckmann@users.noreply.github.com>
Date: Mon, 7 Apr 2025 00:24:13 +0200
Subject: [PATCH] warc: Prevent signed integer overflow (#2568)

If a warc archive claims to have more than INT64_MAX - 4 content bytes,
the inevitable failure to skip all these bytes could lead to parsing
data which should be ignored instead.

The test case contains a conversation entry with that many bytes and if
the entry is not properly skipped, the warc implementation would read
the conversation data as a new file entry.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 Makefile.am                                   |  1 +
 libarchive/archive_read_support_format_warc.c |  7 ++++--
 libarchive/test/test_read_format_warc.c       | 24 +++++++++++++++++++
 .../test_read_format_warc_incomplete.warc.uu  | 10 ++++++++
 4 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 libarchive/test/test_read_format_warc_incomplete.warc.uu

Index: libarchive-3.3.3/Makefile.am
===================================================================
--- libarchive-3.3.3.orig/Makefile.am
+++ libarchive-3.3.3/Makefile.am
@@ -825,6 +825,7 @@ libarchive_test_EXTRA_DIST=\
 	libarchive/test/test_read_format_ustar_filename_eucjp.tar.Z.uu \
 	libarchive/test/test_read_format_ustar_filename_koi8r.tar.Z.uu \
 	libarchive/test/test_read_format_warc.warc.uu \
+	libarchive/test/test_read_format_warc_incomplete.warc.uu \
 	libarchive/test/test_read_format_zip.zip.uu \
 	libarchive/test/test_read_format_zip_comment_stored_1.zip.uu \
 	libarchive/test/test_read_format_zip_comment_stored_2.zip.uu \
Index: libarchive-3.3.3/libarchive/archive_read_support_format_warc.c
===================================================================
--- libarchive-3.3.3.orig/libarchive/archive_read_support_format_warc.c
+++ libarchive-3.3.3/libarchive/archive_read_support_format_warc.c
@@ -363,7 +363,8 @@ start_over:
 		/* FALLTHROUGH */
 	default:
 		/* consume the content and start over */
-		_warc_skip(a);
+		if (_warc_skip(a) < 0)
+			return (ARCHIVE_FATAL);
 		goto start_over;
 	}
 	return (ARCHIVE_OK);
@@ -416,7 +417,9 @@ _warc_skip(struct archive_read *a)
 {
 	struct warc_s *w = a->format->data;
 
-	__archive_read_consume(a, w->cntlen + 4U/*\r\n\r\n separator*/);
+	if (__archive_read_consume(a, w->cntlen) < 0 ||
+	    __archive_read_consume(a, 4U/*\r\n\r\n separator*/) < 0)
+		return (ARCHIVE_FATAL);
 	w->cntlen = 0U;
 	w->cntoff = 0U;
 	return (ARCHIVE_OK);