From 0a86b117bf0a29b4996592d6ad29c46833ae44c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Igor=20Anic=CC=81?=
Date: Fri, 23 Feb 2024 21:57:40 +0100
Subject: [PATCH] std.tar fix integer overflow in header size parse

Found by fuzzing. Fixing code and adding test.
---
 lib/std/tar.zig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/std/tar.zig b/lib/std/tar.zig
index 439a513161..6c67600731 100644
--- a/lib/std/tar.zig
+++ b/lib/std/tar.zig
@@ -155,7 +155,7 @@ pub const Header = struct {
 // If the leading byte is 0x80 (128), the non-leading bytes of the
 // field are concatenated in big-endian order.
 if (raw[0] == 0x80) {
- if (raw[1] + raw[2] + raw[3] != 0) return error.TarNumericValueTooBig;
+ if (raw[1] != 0 or raw[2] != 0 or raw[3] != 0) return error.TarNumericValueTooBig;
 return std.mem.readInt(u64, raw[4..12], .big);
 }
 return try header.octal(start, len);
@@ -769,6 +769,7 @@ test "tar header parse size" {
 .{ .in = "\x80\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08", .want = 0x0102030405060708 },
 .{ .in = "\x80\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09", .err = error.TarNumericValueTooBig },
 .{ .in = "\x80\x00\x00\x00\x07\x76\xa2\x22\xeb\x8a\x72\x61", .want = 537795476381659745 },
+ .{ .in = "\x80\x80\x80\x00\x01\x02\x03\x04\x05\x06\x07\x08", .err = error.TarNumericValueTooBig },
 //
 // Test base-8 (octal) encoded values.
 .{ .in = "00000000227\x00", .want = 0o227 },
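Review bot: The new per-byte comparison on `raw[1]`, `raw[2]` and `raw[3]` has no comment saying why it is not written as a sum, and the removed line shows how natural that shorter form is to reintroduce. These are byte values taken from the archive header, and adding them overflows as soon as they total more than 255, which is what the added `\x80\x80\x80` vector exercises. I would put `// Compare each byte on its own: these come from the archive and summing them can overflow.` directly above the check. The function starts outside the hunk, so how `raw` is sliced is not visible here. The base-256 branch also returns whatever u64 the archive supplies (the table accepts `0x0102030405060708`), so it is worth confirming that callers bound the size against the remaining input before using it for a read, skip or allocation.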