Thanks, I installed the attached patch.
From 7d96e820a52531097db23f38725e178a9f7d66b0 Mon Sep 17 00:00:00 2001
From: Paul Eggert <egg...@cs.ucla.edu>
Date: Thu, 12 Jun 2025 00:20:52 -0700
Subject: [PATCH] Port short_read to UBSan
Problem reported by Kirill Furman in:
https://lists.gnu.org/r/bug-tar/2025-06/msg00002.html
* src/buffer.c (short_read): Use (char *) record_start,
instead of record_start->buffer, to avoid undefined behavior
accessing past end of buffer. In practice the undefined
behavior is harmless unless running with -fsanitize=undefined
or a similarly-picky implementation.
---
THANKS | 1 +
src/buffer.c | 7 ++-----
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/THANKS b/THANKS
index 21ae387e..20afca38 100644
--- a/THANKS
+++ b/THANKS
@@ -308,6 +308,7 @@ Kevin D Quitt d...@netcom.com
Kevin Dalley ke...@aimnet.com
Kimball Collins k...@ptolemy.arc.nasa.gov
Kimmy Posey kim...@bnr.ca
+Kirill Furman kfur...@astralinux.ru
Koji Kishi k...@rqa.sony.co.jp
Konno Hiroharu ko...@pac.co.jp
Kurt Jaeger p...@lf.net
diff --git a/src/buffer.c b/src/buffer.c
index 1cdeffc6..2c40e948 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -959,11 +959,8 @@ archive_is_dev (void)
static void
short_read (idx_t status)
{
- idx_t left; /* bytes left */
- char *more; /* pointer to next byte to read */
-
- more = record_start->buffer + status;
- left = record_size - status;
+ idx_t left = record_size - status; /* bytes left to read */
+ char *more = (char *) record_start + status; /* address of next read */
if (left && left % BLOCKSIZE == 0
&& (warning_option & WARN_RECORD_SIZE)
--
2.48.1
