libarchive: imported version 3.8.6

Author: adam

archivers/libarchive/files/contrib/oss-fuzz/libarchive_linkify_fuzzer.cc

@@ -76,14 +76,19 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
     // This is the main function we want to fuzz (zero coverage)
     archive_entry_linkify(resolver, &entry, &spare);
 
-    // entry and spare may be modified by linkify
-    // We still need to free the original entries we allocated
+    // Update entries[i] to reflect ownership changes from linkify.
+    // If linkify cached the entry internally, entry is now NULL and the
+    // resolver owns the object. If linkify swapped it with a previously
+    // cached entry, entry points to that other object.
+    entries[i] = entry;
+
+    // Free any entry returned via spare (complete hardlink pair)
     if (spare != NULL) {
       archive_entry_free(spare);
     }
   }
 
-  // Free remaining entries from the resolver
+  // Free remaining entries from the resolver (drain loop)
   struct archive_entry *entry = NULL;
   struct archive_entry *spare = NULL;
   while (1) {
@@ -98,7 +103,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
     }
   }
 
-  // Free all our created entries
+  // Free all our created entries that were NOT consumed by the resolver
   for (int i = 0; i < num_entries; i++) {
     if (entries[i] != NULL) {
       archive_entry_free(entries[i]);

archivers/libarchive/files/libarchive/test/test_acl_text.c

@@ -404,6 +404,29 @@ DEFINE_TEST(test_acl_from_text)
 	archive_entry_acl_clear(ae);
 
 	free(ws);
+
+	/*
+	 * 6. Malformed "default" prefix with no tag field should return
+	 *    ARCHIVE_WARN, not crash (GitHub issue #2744).
+	 *    When the ACL text is just "d" or "default" with type DEFAULT,
+	 *    the parser recognises the default prefix but field[1] is NULL,
+	 *    which previously caused a NULL-pointer dereference.
+	 */
+	archive_entry_acl_clear(ae);
+	assertEqualInt(ARCHIVE_WARN,
+	    archive_entry_acl_from_text(ae, "d",
+	    ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
+	assertEqualInt(ARCHIVE_WARN,
+	    archive_entry_acl_from_text_w(ae, L"d",
+	    ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
+	archive_entry_acl_clear(ae);
+	assertEqualInt(ARCHIVE_WARN,
+	    archive_entry_acl_from_text(ae, "default",
+	    ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
+	assertEqualInt(ARCHIVE_WARN,
+	    archive_entry_acl_from_text_w(ae, L"default",
+	    ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
+
 	archive_entry_free(ae);
 }
 

archivers/libarchive/files/libarchive/test/test_read_format_7zip_malformed.c

@@ -59,8 +59,25 @@ test_malformed2(void)
 	assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a));
 }
 
+
+static void
+test_malformed3(void)
+{
+	const char *refname = "test_read_format_7zip_malformed3.7z";
+	struct archive *a;
+
+	extract_reference_file(refname);
+
+	assert((a = archive_read_new()) != NULL);
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
+	assertEqualIntA(a, ARCHIVE_FATAL, archive_read_open_filename(a, refname, 10240));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a));
+}
+
 DEFINE_TEST(test_read_format_7zip_malformed)
 {
 	test_malformed1();
 	test_malformed2();
+	test_malformed3();
 }

archivers/libarchive/files/libarchive/test/test_read_format_7zip_malformed3.7z.uu

@@ -0,0 +1,24 @@
+begin 644 test_read_format_7zip_malformed3.7z
+M?T5,1@("`64N9&5B=0``+ZZNRO_______P```/\Q```````````"````````
+M```L0"!S+F)S,``1<P!```H``FMK__](:VMK:VNAH:$!`*&AH:&A)S$```!C
+M;VUP>FEP503_8G-S90``````#0H-_P```'X```````````(`````````````
+M`*D``````"\`````____^@````$````````#`/__________<RYD96)U```O
+MKJ[*________````_S$```````````(``````````"Q`(',N8G,P`!%S`$``
+M(``":VNAH2<Q```````#Z'K__P5%145%____________`/__________;VUP
+M>FEP503_8G-S90``````#0H-_P```'X```````````(``````````````*D`
+M`````"\`````____^@````$````````#_P```/______<RYD96)U```OKJ[*
+M________````_S$```````````(``````````"Q`(',N8G,P`!%S`$"0`P`"
+M:VLR:TAK:VMK:Z&AH0$`H:&AH:$G,@```&-O;7!Z:7!5!/]28W-E```````-
+M"@W_````?@```````````@``````````````J0``````+P`````0___Z````
+M`0````````,`__________\PXT$N9&%T80#^E)3+E)24_P3_____________
+M____(________^+______P5%145%____________`/__________________
+M_____________________^?_________145%0``#`/Z4E,N4P<'!P<'!E```
+M`/_R`````'5U=75U=75U=75U=75U=75U=75U=75U=75U=75U=75U=75U=75U
+M=75U=75U=75U=75U=75U=75U=75U=75U=75U=75U=75U=75U=0`````"````
+M```````L0"!S+F4```````T*#?\```!^```````````"``````````````"I
+M```````O`````/___^0````!`````````P#__W5U=75U=75U=75U=75U=75U
+M=0`````"```````````L0"!S+F)S,?P1<P!```,`"&MK,FM(:VMK145%145%
+,P45%145%1?____\$
+`
+end
+

archivers/libarchive/files/libarchive/test/test_read_format_7zip_sfx_elf64trunc.elf.uu

@@ -0,0 +1,5 @@
+begin 664 test_read_format_7zip_sfx_elf64trunc.elf
+M?T5,1@("````````````````````````````````````````````````````
+2```````````````````H``$`
+`
+end

archivers/libarchive/files/libarchive/test/test_read_format_lha_oversize_header.c

@@ -0,0 +1,50 @@
+/*-
+ * Copyright (c) 2026 Tim Kientzle
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "test.h"
+
+DEFINE_TEST(test_read_format_lha_oversize_header)
+{
+	const char *refname = "test_read_format_lha_oversize_header.lzh";
+	extract_reference_file(refname);
+	struct archive_entry *ae;
+	struct archive *a;
+
+	assert((a = archive_read_new()) != NULL);
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
+
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, refname, 10240));
+
+	/* First 18 entries in the test file are well-formed */
+	for (int i = 0; i < 18; i++) {
+	  assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae));
+	}
+
+	/* 19th has an oversized header */
+	assertEqualInt(ARCHIVE_FATAL, archive_read_next_header(a, &ae));
+
+	assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
+	assertEqualInt(ARCHIVE_OK, archive_read_free(a));
+}

archivers/libarchive/files/libarchive/test/test_read_format_lha_oversize_header.lzh.uu

@@ -0,0 +1,60 @@
+begin 644 test_read_format_lha_oversize_header.lzh
+M)L`M;&AD+0```````````$@B[!``!&1I<EP``%4`@5$!`.A!Z0/I`R?X+6QH
+M9"T```````````!((NP0``5D:7(R7```50"!40$`[4'I`^D#.'PM;&AD+0``
+M`````````4@C[!``%F1I<C)<<WEM;&EN:S%\+BY<9FEL93$``%4``J,"`.VA
+MZ0/I`SA^+6QH9"T```````````%((^P0`!9D:7(R7'-Y;6QI;FLR?"XN7&9I
+M;&4R``!5``*C`@#MH>D#Z0,GO2UL:#4M(@```#P`````2"+L(``%9FEL93&D
+MYU4`@5$!`*2!Z0/I`P`80FYIQ>/Z`=-:'>9%#"P%J!\CH0"/GE$,.W6FMSD%
+M*_4G02UL:#4M(@```$X`````2"+L(``%9FEL93+5%54`@5$!`+:!Z0/I`P`8
+M0FYIQV/Z`=.:'.9%#"P%J-\+H0"/'E$,.W6FMSD%*_T9?RUL:&0M&@``````
+M````2"+L(`$```!5!P`"9&ER_P4`4.A!!P!1Z0/I`P<`5(%1`0```!F!+6QH
+M9"T;``````````!((NP@`0```%4(``)D:7(R_P4`4.U!!P!1Z0/I`P<`5(%1
+M`0```!YQ+6QH9"TG``````````%((^P@`05F:6QE,0``510``F1I<C+_<WEM
+M;&EN:S%\+B[_!0!0[:$'`%'I`^D#!P!4`J,"````'G(M;&AD+2<`````````
+M`4@C["`!!69I;&4R``!5%``"9&ER,O]S>6UL:6YK,GPN+O\%`%#MH0<`4>D#
+MZ0,'`%0"HP(````>!BUL:#4M-0```#P`````2"+L(`$%9FEL93&DYU4%`%"D
+M@0<`4>D#Z0,'`%2!40$`````&$)N:<7C^@'36AWF10PL!:@?(Z$`CYY1##MU
+MIK<Y!2OU'G@M;&@U+34```!.`````$@B["`!!69I;&4RU155!0!0MH$'`%'I
+M`^D#!P!4@5$!`````!A";FG'8_H!TYH<YD4,+`6HWPNA`(\>40P[=::W.04K
+M_34`+6QH9"T``````````(%1`0`@`@``504```7>`P`!!P`"9&ER_P4`4.A!
+M!P!1Z0/I`P``-@`M;&AD+0``````````@5$!`"`"``!5!0``")D#``$(``)D
+M:7(R_P4`4.U!!P!1Z0/I`P``1P`M;&AD+0```````````J,"`"`"``!5!0``
+MM*D(``%F:6QE,10``F1I<C+_<WEM;&EN:S%\+B[_!0!0[:$'`%'I`^D#``!'
+M`"UL:&0M```````````"HP(`(`(``%4%``"'[0@``69I;&4R%``"9&ER,O]S
+M>6UL:6YK,GPN+O\%`%#MH0<`4>D#Z0,``#,`+6QH-2TB````/````(%1`0`@
+M`J3G504``/T!"``!9FEL93$%`%"D@0<`4>D#Z0,````80FYIQ>/Z`=-:'>9%
+M#"P%J!\CH0"/GE$,.W6FMSD%*_4S`"UL:#4M(@```$X```"!40$`(`+5%54%
+M```OQ@@``69I;&4R!0!0MH$'`%'I`^D#````&$)N:<=C^@'3FASF10PL!:C?
+M"Z$`CQY1##MUIK<Y!2O]!``M;&AD+0``````````@5$!`"`#``!-?/[___\`
+M````````````````````````````````````````````````````````````
+M`````````````````````````````````````$:D`P``!0````$)`````F1I
+M<O\'````0!``&0```/_M00`````````````,%?Y,1!K^3!T```!!S-]1M/Z5
+MRP&`UD``J+*=`0!Z#]`!ELL!"``````NKP<`````!``M;&AD+0``````````
+M@5$!`"`#``!-?0````D```!&I`,```4````!"@````)D:7(R_P<```!`$``9
+M````_^U!`````````````"$:_DQ$&OY,'0```$%*@6Z[`9;+`8#60`"HLIT!
+M`'H/T`&6RP$(`````'T7!P`````$`"UL:#4M)````#P```"!40$`(`.DYTUQ
+M````"0```$:D`P``"@````%F:6QE,1D```#_I($`````````````QQ3^3",:
+M_DP=````031"HHK^E<L!@-9``*BRG0'^<J2\`9;+`0@`````"O$'```````9
+M0FV1J+1V@'IK0ZGID/-H#J@6.H0"'V^-&353:F^XA-UZ@`0`+6QH-2TD````
+M3@```(%1`0`@`]4537$````)````1J0#```*`````69I;&4R&0```/^D@0``
+M```````````A&OY,(QK^3!T```!!_D5SNP&6RP&`UD``J+*=`5C5IKP!ELL!
+M"`````!!W@<``````!E";9&H[':`>G-#B>F0\V@.J,8:A`(>;XT9-5-J;[B$
+MW7Z`-0`M;&AD+0``````````@5$!`"`"``!5!40:_DP=````0<S?4;3^E<L!
+M@-9``*BRG0$`>@_0`9;+`0@`````+J\'``````0`+6QH9"T``````````(%1
+M`0`@`P``37T````)````1J0#```%`````0H````"9&ER,O\'````0!``&0``
+M`/_M00`````````````A&OY,1!K^3!T```!!2H%NNP&6RP&`UD``J+*=`0!Z
+M#]`!ELL!"`````!]%P<`````!``M;&@U+20````\````@5$!`"`#I.=-<0``
+M``D```!&I`,```H````!9FEL93$9````_Z2!`````````````,<4_DPC&OY,
+M'0```$$T0J**_I7+`8#60`"HLIT!_G*DO`&6RP$(``````KQ!P``````&4)M
+MD:BT=H!Z:T.IZ9!1Z0/I`P```FUK=XVV['"Z\`>$(6[`2-EZ5P&P^!J*0MPV
+M*IM]&^L37/)<Y+,0WC;RYN647;X'R_\P`E;2>[SD(6GCE`4$+,RA<%QVYXC%
+M'H1Q`I@_B\H/L@(+W3`0@5CY6X%Q%WW+@7<`8(F7=77U]%5YG?`;3N&I:_6Y
+MWA$,3F@?:)>FZ!<!"?.:#C/:',\PG@>:WRP0:TH8%&:/A#VMNUUD[D?+:#XK
+M%3NMR(PSF4;V"^\X0/E3JMRQ46+7\I]S@7ZJNTX[ROSD+=\7\.O#I:W._S>P
+M-B(W4`=N<T/$OT+5];U>*!<4AM0Y4$L'"(=02P,$\$*.O%TM;&@U+0``KPLX
+M+4``2@````````"``````/________\`````````V0````"A````````````
+M````````````+6QH-RT```!8$,P.0&OJER*:CF[S6/=2*T4J8HB@[:HP^'7*
+MK?(\7:Y+-"U'*^OXT210`,J%*>9(T9[(@N(DJ+A)A```3`]%Z8U.^3!F0_G-
+17YFUYB_%6DWMSZ8'\Z-^CR@`
+`
+end

archivers/libarchive/files/libarchive/test/test_read_format_rar5_loop_bug.c

@@ -0,0 +1,53 @@
+/*-
+ * Copyright (c) 2026 Tim Kientzle
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "test.h"
+
+DEFINE_TEST(test_read_format_rar5_loop_bug)
+{
+  const char *reffile = "test_read_format_rar5_loop_bug.rar";
+  struct archive_entry *ae;
+  struct archive *a;
+  const void *buf;
+  size_t size;
+  la_int64_t offset;
+
+  extract_reference_file(reffile);
+  assert((a = archive_read_new()) != NULL);
+  assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
+  assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
+  assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, reffile, 10240));
+
+  // This has just one entry
+  assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae));
+
+  // Read blocks until the end of the entry
+  while (ARCHIVE_OK == archive_read_data_block(a, &buf, &size, &offset)) {
+  }
+
+  assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae));
+
+  assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
+  assertEqualInt(ARCHIVE_OK, archive_free(a));
+}