You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
hello! I've used the tar crate in a project to modify an archive and noticed the generated archives are invalid in some cases, /usr/bin/tar complains about a truncated archive and after some inspection I noticed the size that gets written appears to be multiplied by 8.
This doesn't seem to be an interoperability issue, calling .size() immediately after calling .set_size(...) also returns a value that's much bigger than what I intended to set.
I hacked together a minimal test case that searches with cargo-fuzz and found one:
#![no_main]use libfuzzer_sys::fuzz_target;use anyhow::Result;use anyhow::Context;use tar;fnrun_test(data:&[u8]) -> Result<()>{letmut r = &data[..];letmut a = tar::Archive::new(&mut r);let entry = a.entries()?.next().context("")??;letmut h = entry.header().clone();
h.set_size(1337);if h.size().context("failed to get size")? != 1337{panic!("bugged header");}Ok(())}fuzz_target!(|data:&[u8]| {
run_test(data).ok();});
hello! I've used the
tarcrate in a project to modify an archive and noticed the generated archives are invalid in some cases,/usr/bin/tarcomplains about a truncated archive and after some inspection I noticed the size that gets written appears to be multiplied by 8.This doesn't seem to be an interoperability issue, calling
.size()immediately after calling.set_size(...)also returns a value that's much bigger than what I intended to set.I hacked together a minimal test case that searches with cargo-fuzz and found one:
tar
Screenshot
Possibly related to #286, #298
The text was updated successfully, but these errors were encountered: