FuzzTar+tar: Advance the stream before continuing

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53733 This bug was caused by a regression introduced in c88d8a2.
Author: https://github.com/implicitfield Commit: https://github.com/SerenityOS/serenity/commit/19e6befddc Pull-request: https://github.com/SerenityOS/serenity/pull/16181
2024-11-22 07:30:19 +00:00 · 2022-11-25 16:30:45 +02:00 · 2022-11-25 16:30:45 +02:00 · 19e6befddc · 2024-07-17 11:29:41 +09:00
commit 19e6befddc
parent 73e87d694e
2 changed files with 8 additions and 2 deletions
--- a/Meta/Lagom/Fuzzers/FuzzTar.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzTar.cpp
@ -19,8 +19,12 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
    while (!tar_stream.finished()) {
        auto const& header = tar_stream.header();

-        if (!header.content_is_like_extended_header())
-            continue;
+        if (!header.content_is_like_extended_header()) {
+            if (tar_stream.advance().is_error())
+                return 0;
+            else
+                continue;
+        }

        switch (header.type_flag()) {
        case Archive::TarFileType::GlobalExtendedHeader:
--- a/Userland/Utilities/tar.cpp
+++ b/Userland/Utilities/tar.cpp
@ -124,6 +124,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
                    VERIFY_NOT_REACHED();
                }

+                TRY(tar_stream.advance());
                continue;
            }

@ -141,6 +142,7 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
                    long_name.append(reinterpret_cast<char*>(buffer.data()), bytes_read);

                local_overrides.set("path", long_name.to_string());
+                TRY(tar_stream.advance());
                continue;
            }
            default: