[PATCH v2 0/2] erofs-utils: lib/tar: fix PAX header parsing issues
Utkal Singh
singhutkal015 at gmail.com
Mon Mar 16 17:51:17 AEDT 2026
These two patches fix input validation bugs in the PAX extended
header parser in lib/tar.c that can trigger crashes on malformed
or crafted tar archives.

Patch 1 skips PAX entries with an empty path= value to avoid
out-of-bounds access on zero-length strings.

Patch 2 rejects negative size= values to prevent heap corruption
from incorrect allocation sizes in subsequent operations.

Changes in v2:
- Fix mixed indentation in patch 2/2 (use tabs, not spaces)

Utkal Singh (2):
  erofs-utils: lib/tar: skip PAX entries with empty path
  erofs-utils: lib/tar: reject negative size= value in PAX header

 lib/tar.c | 7 +++++++
 1 file changed, 7 insertions(+)
--
2.43.0
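As an added illustration of the two checks this cover letter describes, here is a small PAX extended-header record parser in C. It is example code written for this page, not code from erofs-utils' lib/tar.c or from the patch author; the struct pax_hdr layout, the function names, the 256-byte path limit and the sample headers are all assumptions made for the example. It walks "<len> <keyword>=<value>\n" records, skips a path= record whose value is empty instead of touching a zero-length string, and rejects a size= value that is negative, signed, non-numeric, empty or larger than INT64_MAX before it can be used as an allocation or read length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parsed PAX state for this example; not the struct erofs-utils' lib/tar.c uses. */
struct pax_hdr {
	char path[256];	/* last non-empty "path=" value, NUL-terminated */
	int have_path;
	int64_t size;	/* last "size=" value, -1 if none */
	int have_size;
};

enum pax_rc { PAX_OK = 0, PAX_SKIP = 1, PAX_BAD = -1 };

/* Digits-only unsigned decimal from s[0..n): no sign, no whitespace, no NUL
 * needed. Returns digits consumed, or 0 if none or on uint64_t overflow. */
static size_t pax_parse_u64(const char *s, size_t n, uint64_t *out)
{
	uint64_t v = 0;
	size_t i;

	for (i = 0; i < n && s[i] >= '0' && s[i] <= '9'; i++) {
		unsigned int d = (unsigned int)(s[i] - '0');
		if (v > (UINT64_MAX - d) / 10)
			return 0;
		v = v * 10 + d;
	}
	if (i)
		*out = v;
	return i;
}

/* One "<len> <keyword>=<value>\n" record at buf[0..len); <len> counts the
 * whole record. *consumed is set for PAX_OK/PAX_SKIP; PAX_BAD means malformed
 * or a value we refuse to act on. */
static enum pax_rc pax_parse_record(const char *buf, size_t len,
				    struct pax_hdr *h, size_t *consumed)
{
	uint64_t reclen = 0, sz = 0;
	size_t nd, vlen;
	const char *key, *eq, *val, *end;

	*consumed = 0;
	nd = pax_parse_u64(buf, len, &reclen);
	/* length field, one space, record within the buffer, trailing '\n' */
	if (!nd || nd >= len || buf[nd] != ' ' || reclen > len ||
	    reclen < nd + 2 || buf[reclen - 1] != '\n')
		return PAX_BAD;
	key = buf + nd + 1;
	end = buf + reclen - 1;			/* the trailing '\n' */
	eq = memchr(key, '=', (size_t)(end - key));
	if (!eq || eq == key)			/* no '=' or empty keyword */
		return PAX_BAD;
	val = eq + 1;
	vlen = (size_t)(end - val);
	*consumed = (size_t)reclen;

	if (eq - key == 4 && !memcmp(key, "path", 4)) {
		/* empty path: nothing to apply, and path[0] / path[vlen - 1]
		 * on a zero-length value reads out of bounds, so skip it */
		if (vlen == 0)
			return PAX_SKIP;
		if (vlen >= sizeof(h->path))
			return PAX_BAD;
		memcpy(h->path, val, vlen);
		h->path[vlen] = '\0';
		h->have_path = 1;
	} else if (eq - key == 4 && !memcmp(key, "size", 4)) {
		/* whole value must be digits: "-1", "+1", " 1", "" and values
		 * above INT64_MAX are rejected before reaching an allocation */
		if (vlen == 0 || pax_parse_u64(val, vlen, &sz) != vlen ||
		    sz > (uint64_t)INT64_MAX)
			return PAX_BAD;
		h->size = (int64_t)sz;
		h->have_size = 1;
	}					/* other keywords ignored */
	return PAX_OK;
}

/* Whole extended-header block: 0 on success, -1 if any record was rejected. */
int pax_parse(const char *buf, size_t len, struct pax_hdr *h)
{
	size_t off = 0, used;

	memset(h, 0, sizeof(*h));
	h->size = -1;
	while (off < len) {
		if (pax_parse_record(buf + off, len - off, h, &used) == PAX_BAD)
			return -1;
		off += used;
	}
	return 0;
}

int main(void)
{
	/* constructed sample headers, not taken from any real archive */
	const char *s[] = { "12 path=a/b\n11 size=42\n", "8 path=\n", "11 size=-1\n" };
	struct pax_hdr h;
	size_t i;

	for (i = 0; i < 3; i++) {
		int rc = pax_parse(s[i], strlen(s[i]), &h);
		printf("sample %zu: rc=%d path=\"%s\" size=%lld\n", i, rc, h.path, (long long)h.size);
	}
	return 0;
}
```

The length field is parsed with a digits-only routine rather than strtol/strtoul on purpose: the standard converters accept leading whitespace and a sign, which is exactly how a crafted "size=-1" slips through and becomes a huge unsigned allocation size once it is cast. Everything the parser indexes is bounds-checked against the caller's len first, so a truncated final record (no trailing newline inside the buffer) is rejected rather than read past.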