go/src/archive/tar/reader_test.go, branch makepkg Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=makepkg 2026-02-03T11:04:30Z all: prealloc slice with possible minimum capabilities 2026-02-03T11:04:30Z Shulhan m.shulhan@gmail.com 2024-10-25T17:48:33Z urn:sha1:011e40da85bddf83fee0ded83cb9115b7a88b3d4 all: fix some minor grammatical issues in the comments 2025-12-30T15:28:53Z cuishuang imcusg@gmail.com 2025-12-18T02:36:50Z urn:sha1:fd45d70799853ef5980a559e206353574108d8da Change-Id: I0459f05e7f6abd9738813c65d993114e931720d5 Reviewed-on: https://go-review.googlesource.com/c/go/+/731000 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Keith Randall <khr@golang.org> Auto-Submit: Keith Randall <khr@golang.org> archive/tar, compress/bzip2: base64 some troublesome testdata files 2025-12-15T16:34:13Z Ian Lance Taylor iant@golang.org 2025-12-12T22:18:13Z urn:sha1:6713f46426c70f601ac33471d16be7b0e1aae349 This avoids complaints from scanners that look for and open tar and bz2 files, and complain if they look weird. In this case, they do look weird, because they are intentionally strange. This kind of thing shouldn't be necessary, but we already have the machinery to do it so it's easy enough. Fixes #76799 Change-Id: Ib302b3aef30108a1325f91fcb2d166f8e1863792 Reviewed-on: https://go-review.googlesource.com/c/go/+/729780 Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Ian Lance Taylor <iant@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Joseph Tsai <joetsai@digital-static.net> archive/tar: set a limit on the size of GNU sparse file 1.0 regions 2025-10-07T19:46:36Z Damien Neil dneil@google.com 2025-09-11T20:32:10Z urn:sha1:f7a68d3804efabd271f0338391858bc1e7e57422 Sparse files in tar archives contain only the non-zero components of the file. There are several different encodings for sparse files. When reading GNU tar pax 1.0 sparse files, archive/tar did not set a limit on the size of the sparse region data. A malicious archive containing a large number of sparse blocks could cause archive/tar to read an unbounded amount of data from the archive into memory. Since a malicious input can be highly compressable, a small compressed input could cause very large allocations. Cap the size of the sparse block data to the same limit used for PAX headers (1 MiB). Thanks to Harshit Gupta (Mr HAX) (https://www.linkedin.com/in/iam-harshit-gupta/) for reporting this issue. Fixes CVE-2025-58183 Fixes #75677 Change-Id: I70b907b584a7b8676df8a149a1db728ae681a770 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2800 Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/709861 Auto-Submit: Michael Pratt <mpratt@google.com> TryBot-Bypass: Michael Pratt <mpratt@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org> archive/tar: use hash/crc32 instead of crypto/md5 for test checksums 2024-10-03T15:48:09Z qmuntal quimmuntal@gmail.com 2024-10-03T07:34:42Z urn:sha1:722ecf34474a33663f69220838af8c715185b5b7 Using MD5 for checksums in tests is an overkill, as MD5 is designed for cryptographic purposes. Use hash/crc32 instead, which is designed for detecting random data corruptions, aka checksums. Change-Id: I03b30ed7f38fba2a2e59d06bd4133b495f64a013 Reviewed-on: https://go-review.googlesource.com/c/go/+/617675 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: David Chase <drchase@google.com> archive: use slices and maps to clean up tests 2024-07-25T00:25:45Z apocelipes seve3r@outlook.com 2024-07-24T10:24:16Z urn:sha1:bd6f911f852f4a608e2cf11c1ce5b55ff0347866 Replace reflect.DeepEqual with slices.Equal/maps.Equal, which is much faster. Clean up some unnecessary helper functions. Change-Id: I9b94bd43886302b9b327539ab065a435ce0d75d9 GitHub-Last-Rev: b9ca21f165bcc5e45733e6a511a2344b1aa4a281 GitHub-Pull-Request: golang/go#67607 Reviewed-on: https://go-review.googlesource.com/c/go/+/587936 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Joseph Tsai <joetsai@digital-static.net> archive/tar, archive/zip: disable insecure file name checks with GODEBUG 2022-11-21T21:14:38Z Damien Neil dneil@google.com 2022-11-21T19:32:39Z urn:sha1:85a2c19b328081c3fbcd1fa3db9a56d708a25c68 Add GODEBUG=tarinsecurepath=1 and GODEBUG=zipinsecurepath=1 settings to disable file name validation. For #55356. Change-Id: Iaacdc629189493e7ea3537a81660215a59dd40a4 Reviewed-on: https://go-review.googlesource.com/c/go/+/452495 Reviewed-by: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Russ Cox <rsc@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> archive/tar, archive/zip: return ErrInsecurePath for unsafe paths 2022-11-16T23:36:48Z Damien Neil dneil@google.com 2022-09-22T23:22:04Z urn:sha1:a2d8157a7ecc8c7a91c93182ae4778aef505677e Return a distinguishable error when reading an archive file with a path that is: - absolute - escapes the current directory (../a) - on Windows, a reserved name such as NUL Users may ignore this error and proceed if they do not need name sanitization or intend to perform it themselves. Fixes #25849 Fixes #55356 Change-Id: Ieefa163f00384bc285ab329ea21a6561d39d8096 Reviewed-on: https://go-review.googlesource.com/c/go/+/449937 Reviewed-by: Joseph Tsai <joetsai@digital-static.net> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> archive/tar: limit size of headers 2022-10-05T20:40:43Z Damien Neil dneil@google.com 2022-09-03T03:45:18Z urn:sha1:0bf7ee9977c0218562c50a0b0f0d9cbdf33f65e6 Set a 1MiB limit on special file blocks (PAX headers, GNU long names, GNU link names), to avoid reading arbitrarily large amounts of data into memory. Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue. Fixes CVE-2022-2879 For #54853 Change-Id: I85136d6ff1e0af101a112190e027987ab4335680 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1565555 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/439355 Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> archive/tar: delete unreachable continue code 2022-08-17T03:03:59Z Abirdcfly fp544037857@gmail.com 2022-08-09T07:04:25Z urn:sha1:71424806fa76d5b5d1b2492741d2564664af136c Change-Id: Id492ee4e614a38880a6a5830371dcd9a8b37129a Reviewed-on: https://go-review.googlesource.com/c/go/+/422214 Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Joseph Tsai <joetsai@digital-static.net> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Ian Lance Taylor <iant@google.com> Run-TryBot: hopehook <hopehook@qq.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: hopehook <hopehook@qq.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>