Reject negative PAX size values when reading TAR headers (#128368)

iremyux · web-flow · commit b129b7c103a5 · 2026-05-20T11:51:13.000+02:00
This change adds a validation check while applying extended attributes
in TarHeader.Read.cs so that a negative size value from PAX metadata now
throws InvalidDataException instead of being accepted.
diff --git a/src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarHeader.Read.cs b/src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarHeader.Read.cs
@@ -151,6 +151,11 @@ internal void ReplaceNormalAttributesWithExtended(IEnumerable<KeyValuePair<strin
             // The 'size' header field only fits 12 bytes, so the data section length that surpases that limit needs to be retrieved
             if (TarHelpers.TryGetStringAsBaseTenLong(ExtendedAttributes, PaxEaSize, out long size))
             {
+                if (size < 0)
+                {
+                    throw new InvalidDataException(SR.Format(SR.TarSizeFieldNegative));
+                }
+
                 _size = size;
             }
 

Original file line number	Diff line number	Diff line change
`@@ -151,6 +151,11 @@ internal void ReplaceNormalAttributesWithExtended(IEnumerable<KeyValuePair<strin`
`151`	`151`	`// The 'size' header field only fits 12 bytes, so the data section length that surpases that limit needs to be retrieved`
`152`	`152`	`if (TarHelpers.TryGetStringAsBaseTenLong(ExtendedAttributes, PaxEaSize, out long size))`
`153`	`153`	`{`
	`154`	`+ if (size < 0)`
	`155`	`+ {`
	`156`	`+ throw new InvalidDataException(SR.Format(SR.TarSizeFieldNegative));`
	`157`	`+ }`
	`158`	`+`
`154`	`159`	`_size = size;`
`155`	`160`	`}`
`156`	`161`