Hello,
I am able to reproduce a bug in GNU tar (version 1.2.6 and 1.2.3-debian). One
just have to use a valid archive, say valid.tar, and do:
$ tar -tf valid.tar --index-file=bad_path
The filename bad_path must point to a file you cannot open in write mode,
for example /foo if you don't have permission to write into /.
I have looked at the source code and the problem stems from
decode_options() in tar.c:
if (index_file_name)
{
stdlis = fopen (index_file_name, "w");
if (! stdlis)
open_error (index_file_name);
}
What happens is that stdlis is still set to NULL so that any fprintf(stdlis,
...) triggers a segfault. I think the best behavior is to exit cleanly after
the call to open_error, with a non-zero exit code.
PS: I have not subscribed to this list, so please Cc me if you want me to read
your answer.
