From 42f454b13b8d972e85acd7f046065ec69af4d206 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko
Date: Fri, 11 Oct 2019 14:11:44 +0200
Subject: dpkg-deb: work around bogus error message when working with XZ
 compressed packages

function                                             old     new   delta
unpack_xz_stream                                    2309    2317      +8
bb_full_fd_action                                    464     472      +8

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 archival/libarchive/decompress_unxz.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

(limited to 'archival/libarchive/decompress_unxz.c')

diff --git a/archival/libarchive/decompress_unxz.c b/archival/libarchive/decompress_unxz.c
index f033413..3dd9bbf 100644
--- a/archival/libarchive/decompress_unxz.c
+++ b/archival/libarchive/decompress_unxz.c
@@ -96,6 +96,24 @@ unpack_xz_stream(transformer_state_t *xstate)
 			 */
 			do {
 				if (membuf[iobuf.in_pos] != 0) {
+					/* There is more data, but is it XZ data?
+					 * Example: dpkg-deb -f busybox_1.30.1-4_amd64.deb
+					 * reads control.tar.xz "control" file
+					 * inside the ar archive, but tar.xz
+					 * extraction code reaches end of xz data,
+					 * reached this code and reads the beginning
+					 * of data.tar.xz's ar header, which isn't xz data,
+					 * and prints "corrupted data".
+					 * The correct solution is to not read
+					 * past nested archive (to simulate EOF).
+					 * This is a workaround:
+					 */
+					if (membuf[iobuf.in_pos] != 0xfd) {
+						/* It's definitely not a xz signature
+						 * (which is 0xfd,"7zXZ",0x00).
+						 */
+						goto end;
+					}
 					xz_dec_reset(state);
 					goto do_run;
 				}
@@ -128,7 +146,7 @@ unpack_xz_stream(transformer_state_t *xstate)
 			break;
 		}
 	}
-
+ end:
 	xz_dec_end(state);
 	free(membuf);
 
-- 
cgit v1.1