Hi Pavel,

> There is still one new NULL pointer dereference.

Yes, I've noticed that too.  I'll push a fix along with some other
changes soon.

> Also, the get_link_name
> does not guarantee the two possibilities only: "successful read of symlink
> name and seek the archive properly OR exit_failure", so cpio is unable to
> recover, potentially.

In fact, there is little possibility for recovery.  Before starting to
look for the next file header, cpio has to skip the current member contents,
that is, to go c_filesize bytes forward.  If that field is incorrect,
it can of course skip some valid archive members or even get past the end
of the file (as it does in our case).

> Note also, that I had to install the attached fix for the testsuite - as
> the actual CVE fix causes different errors among different architectures.
> The tested scenario is too non-deterministic also.

Thanks!

Regards,
Sergey
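To make the point in the reply above concrete, here is an added example (my own code, not cpio's) of a minimal walker for the "newc" (SVR4, magic 070701) cpio format that validates c_namesize and c_filesize against the bytes actually remaining before it seeks forward, so a corrupt c_filesize is reported instead of silently skipping members or running past the end of the archive. The symlink case is the same check: in newc the link target is stored in the member's data area, so the read get_link_name performs is bounded by c_filesize too. The build_entry helper and the sample archives are constructed here only to exercise the walker.

```python
# Added example: bounds-checked walk over a newc cpio archive held in memory.
NEWC_MAGIC = b"070701"
HEADER_LEN = 110  # 6-byte magic + 13 fields of 8 ASCII hex digits each
FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize",
          "devmajor", "devminor", "rdevmajor", "rdevminor", "namesize", "check")


def pad4(n):
    """newc aligns the end of the name and the end of the data to 4 bytes."""
    return (n + 3) & ~3


def build_entry(name, data, filesize_override=None):
    """Constructed helper: assemble one newc member. filesize_override lets a
    test write a c_filesize that disagrees with the data actually present."""
    filesize = len(data) if filesize_override is None else filesize_override
    namesize = len(name) + 1  # name length includes the terminating NUL
    vals = [1, 0o100644, 0, 0, 1, 0, filesize, 0, 0, 0, 0, namesize, 0]
    hdr = NEWC_MAGIC + b"".join(b"%08x" % v for v in vals)
    body = hdr + name + b"\0"
    body += b"\0" * (pad4(len(body)) - len(body))
    body += data
    body += b"\0" * (pad4(len(data)) - len(data))
    return body


def list_members(archive):
    """Return the member names in order. Every seek is checked against the
    archive length first; any inconsistency raises ValueError with the
    offset, instead of skipping past valid members or past end of file."""
    names = []
    off = 0
    while True:
        if off + HEADER_LEN > len(archive):
            raise ValueError("truncated header at offset %d" % off)
        hdr = archive[off:off + HEADER_LEN]
        if hdr[:6] != NEWC_MAGIC:
            raise ValueError("bad magic at offset %d" % off)
        try:
            fields = {k: int(hdr[6 + 8 * i:14 + 8 * i], 16)
                      for i, k in enumerate(FIELDS)}
        except ValueError:
            raise ValueError("non-hex header field at offset %d" % off)
        namesize = fields["namesize"]
        filesize = fields["filesize"]
        if namesize < 2:
            raise ValueError("c_namesize too small at offset %d" % off)
        name_end = off + HEADER_LEN + namesize
        if name_end > len(archive):
            raise ValueError("c_namesize runs past end of archive at offset %d" % off)
        name = archive[off + HEADER_LEN:name_end - 1]
        if b"\0" in name or archive[name_end - 1] != 0:
            raise ValueError("unterminated or embedded-NUL name at offset %d" % off)
        data_start = pad4(name_end)
        if name == b"TRAILER!!!":
            return names
        # This is the seek the reply describes: skip c_filesize bytes of
        # contents (or the symlink target) before looking for the next header.
        data_end = data_start + filesize
        if data_end > len(archive):
            raise ValueError("member %r: c_filesize %d runs past end of archive"
                             % (name, filesize))
        names.append(name.decode("ascii"))
        off = pad4(data_end)


if __name__ == "__main__":
    # Constructed sample: two regular members followed by the trailer.
    good = (build_entry(b"a.txt", b"hello") + build_entry(b"b.txt", b"world!!")
            + build_entry(b"TRAILER!!!", b""))
    print(list_members(good))
    # Same archive, but the first c_filesize claims far more data than exists.
    bad = (build_entry(b"a.txt", b"hello", filesize_override=0x7FFFFFFF)
           + build_entry(b"TRAILER!!!", b""))
    try:
        list_members(bad)
    except ValueError as e:
        print("rejected:", e)
```

The walker deliberately stops at the first inconsistency rather than trying to resynchronise on a later magic, which matches the observation above that once c_filesize is wrong there is little to recover: any "next header" found by scanning forward could equally be payload bytes that happen to look like one.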
