Source-Changes-HG archive
[src/trunk]: src/external/bsd/libarchive/dist/libarchive Fix undefined behavi...
details: https://anonhg.NetBSD.org/src/rev/aa17c76efa13
branches: trunk
changeset: 1007714:aa17c76efa13
user: kamil <kamil%NetBSD.org@localhost>
date: Thu Feb 27 10:35:08 2020 +0000
description:
Fix undefined behavior in archive_read_support_format_xar()
Cherry-pick upstream patch:
>From 2cfda000bc5159d46fd8ead7d1bd3ea1f66f7948 Mon Sep 17 00:00:00 2001
From: Martin Matuska <martin%matuska.org@localhost>
Date: Thu, 27 Feb 2020 01:54:19 +0100
Subject: [PATCH] XAR reader: initialize file_queue with 0 and memcpy() if
allocated only
Fixes #1338
diffstat:
external/bsd/libarchive/dist/libarchive/archive_read_support_format_xar.c | 17 +++++++--
1 files changed, 13 insertions(+), 4 deletions(-)
diffs (44 lines):
diff -r f0b2bd168383 -r aa17c76efa13 external/bsd/libarchive/dist/libarchive/archive_read_support_format_xar.c
--- a/external/bsd/libarchive/dist/libarchive/archive_read_support_format_xar.c Thu Feb 27 10:32:35 2020 +0000
+++ b/external/bsd/libarchive/dist/libarchive/archive_read_support_format_xar.c Thu Feb 27 10:35:08 2020 +0000
@@ -458,6 +458,11 @@
return (ARCHIVE_FATAL);
}
+ /* initialize xar->file_queue */
+ xar->file_queue.allocated = 0;
+ xar->file_queue.used = 0;
+ xar->file_queue.files = NULL;
+
r = __archive_read_register_format(a,
xar,
"xar",
@@ -1221,10 +1226,12 @@
/* Expand our pending files list as necessary. */
if (heap->used >= heap->allocated) {
struct xar_file **new_pending_files;
- int new_size = heap->allocated * 2;
+ int new_size;
if (heap->allocated < 1024)
new_size = 1024;
+ else
+ new_size = heap->allocated * 2;
/* Overflow might keep us from growing the list. */
if (new_size <= heap->allocated) {
archive_set_error(&a->archive,
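Review bot: In the new else branch, `new_size = heap->allocated * 2;` is still computed before the overflow test `if (new_size <= heap->allocated)`. new_size is an int, and if heap->allocated is a signed int as well, overflow in the multiplication is itself undefined behavior in C, so a test made after the fact cannot be relied on to catch it. Consider checking before doubling, for example rejecting heap->allocated > INT_MAX / 2, and only then computing new_size.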
@@ -1238,9 +1245,11 @@
ENOMEM, "Out of memory");
return (ARCHIVE_FATAL);
}
- memcpy(new_pending_files, heap->files,
- heap->allocated * sizeof(new_pending_files[0]));
- free(heap->files);
+ if (heap->allocated) {
+ memcpy(new_pending_files, heap->files,
+ heap->allocated * sizeof(new_pending_files[0]));
+ free(heap->files);
+ }
heap->files = new_pending_files;
heap->allocated = new_size;
}
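Review bot: The new `if (heap->allocated)` guard wraps free(heap->files) together with the memcpy(), but only the memcpy() needs it: free(NULL) is defined as a no-op, while memcpy() from a NULL source is undefined behavior even for a zero length. Leaving free() outside the guard, or testing heap->files != NULL instead, would avoid leaking a buffer if files were ever non-NULL while allocated is 0. As written, correctness depends on the initialization added in the first hunk keeping those two fields in step.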