From 466017cf767efdfde89f9dfc0d177aeca0644c1d Mon Sep 17 00:00:00 2001
From: Tim Kientzle <kientzle@FreeBSD.org>
Date: Tue, 8 Sep 2009 05:02:41 +0000
Subject: [PATCH] Fiz /usr/bin/unzip: A bug deep in libarchive's read-ahead
logic (incorrect handling of zero-length reads before the copy buffer is
allocated) is masked by the iso9660 taster. Tar and cpio both enable that
taster so were protected from the bug; unzip is susceptible.
This both fixes the bug and updates the test harness to exercise
this case.
Submitted by: Ed Schouten diagnosed the bug and drafted a patch
MFC after: 7 days
---
lib/libarchive/archive_read.c | 7 +++++--
lib/libarchive/test/test_compat_zip.c | 2 +-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/lib/libarchive/archive_read.c b/lib/libarchive/archive_read.c
index 9274d661cc45..fd4f888867bd 100644
--- a/lib/libarchive/archive_read.c
+++ b/lib/libarchive/archive_read.c
@@ -928,9 +928,12 @@ __archive_read_filter_ahead(struct archive_read_filter *filter,
for (;;) {
/*
- * If we can satisfy from the copy buffer, we're done.
+ * If we can satisfy from the copy buffer (and the
+ * copy buffer isn't empty), we're done. In particular,
+ * note that min == 0 is a perfectly well-defined
+ * request.
*/
- if (filter->avail >= min) {
+ if (filter->avail >= min && filter->avail > 0) {
if (avail != NULL)
*avail = filter->avail;
return (filter->next);
diff --git a/lib/libarchive/test/test_compat_zip.c b/lib/libarchive/test/test_compat_zip.c
index f60bc4f817aa..fefc6fefabdf 100644
--- a/lib/libarchive/test/test_compat_zip.c
+++ b/lib/libarchive/test/test_compat_zip.c
@@ -36,7 +36,7 @@ test_compat_zip_1(void)
assert((a = archive_read_new()) != NULL);
assertEqualIntA(a, ARCHIVE_OK, archive_read_support_compression_all(a));
- assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
+ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_zip(a));
extract_reference_file(name);
assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, name, 10240));