From bc29d6cb3396dce92a53186d81f32df9ce3be7ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Igor=20Anic=CC=81?=
Date: Thu, 22 Feb 2024 21:24:30 +0100
Subject: [PATCH] fix crash in tar found by fuzzing

Running fuzzing tar test with [zig std lib fuzzing](https://github.com/squeek502/zig-std-lib-fuzzing) reached and assert in tar implementation. Assert (in std lib) should not be reachable by external input, so I'm fixing this to return error.
---
 lib/std/tar.zig | 2 +-
 lib/std/tar/test.zig | 4 ++++
 lib/std/tar/testdata/fuzz1.tar | Bin 0 -> 2052 bytes
 3 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 lib/std/tar/testdata/fuzz1.tar
diff --git a/lib/std/tar.zig b/lib/std/tar.zig
index e0a50a84cb85..e295585bf344 100644
--- a/lib/std/tar.zig
+++ b/lib/std/tar.zig
@@ -300,7 +300,7 @@ fn Iterator(comptime ReaderType: type) type {
 }
 inline fn readString(self: *Self, size: usize, buffer: []u8) ![]const u8 {
- assert(buffer.len >= size);
+ if (size > buffer.len) return error.TarCorruptInput;
 const buf = buffer[0..size];
 try self.reader.readNoEof(buf);
 return nullStr(buf);
diff --git a/lib/std/tar/test.zig b/lib/std/tar/test.zig
index 82c73e25466d..f77b8a778a0a 100644
--- a/lib/std/tar/test.zig
+++ b/lib/std/tar/test.zig
@@ -313,6 +313,10 @@ test "tar run Go test cases" {
 },
 },
 },
+ .{
+ .data = @embedFile("testdata/fuzz1.tar"),
+ .err = error.TarCorruptInput,
+ },
 };
 for (cases) |case| {
diff --git a/lib/std/tar/testdata/fuzz1.tar b/lib/std/tar/testdata/fuzz1.tar
new file mode 100644
index 0000000000000000000000000000000000000000..545949b82b098ed4f90c3cbef4cb308aa2392725
GIT binary patch
literal 2052
zcmdPX*VA|K$
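Review bot: The new check in `readString` is the only guard in front of `buffer[0..size]`, yet nothing on the function records that `size` can be driven by archive contents (the commit message says so, the code does not). Without that, a later cleanup could reasonably turn the check back into an `assert`, which in ReleaseFast is not checked at all. I would add a doc comment above the signature, for example `/// size is read from the archive and is untrusted; returns error.TarCorruptInput if it exceeds buffer.len.` Any other `assert` in this file that takes a header-derived value deserves the same treatment, though none is visible here. The closing brace of `readString` lies outside the hunk.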
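Review bot: The added case in "tar run Go test cases" gives no hint of what `testdata/fuzz1.tar` contains or why it must be rejected, and the fixture is an opaque 2052-byte blob, so the regression will be hard to maintain or regenerate. A one-line comment above the entry would tie it to the fix, for example `// fuzzer-found input that used to reach the assert in Iterator.readString`. The entry sets only `.data` and `.err`; the loop that consumes `cases` begins at the end of the hunk and continues outside it, so how the error is compared cannot be confirmed from here.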