That fixes it for me, thanks, and is slightly more elegant than my patch. :)
Attached is a test suite I wrote to exercise the append code. Please consider merging this. Ross On Thu, 29 Nov 2018 at 06:22, Pavel Raiskup <prais...@redhat.com> wrote: > > Thanks for the report. > > On Wednesday, November 28, 2018 3:18:13 PM CET Burton, Ross wrote: > > Using current git master of cpio, and introduced with the > > CVE-2016-2037 out-of-bounds patch, I can trivially crash cpio. For > > example from the top of the cpio git clone: > > > > $ find gnulib/ | ./src/cpio -o -H newc >foo.cpio > > 70240 blocks > > $ echo NEWS | ./src/cpio -oA -H newc -F foo.cpio > > Segmentation fault (core dumped) > > Please have a look at the attached patch. > > Pavel
0001-tests-add-test-for-archive-append.patch
Description: Binary data
