An issue was discovered in GNU Tar 1.33 and earlier. There is a memory leak in read_header() in list.c in the tar application.
Created attachment 1748610
PoC - Test case for memory leak/crash
This is the .tar test case from my original report. Can be used with Valgrind to confirm the memory leak before the crash.
Memory pointed to by `next_long_name` and `next_long_link` was not being freed upon return of the `read_header()` routine in src/list.c. An attacker who provided a specially crafted input file to tar could cause an impact to application availability. The patch changes `read_header()` to not return before freeing memory pointed to by `next_long_name` and `next_long_link`.
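The early-return pattern described above, reduced to a stand-alone model (an added example, not GNU tar's source or the actual patch). The block types, the 512-byte allocation, the allocation tracker and `read_header_model()` are constructed for illustration; only the names `next_long_name` and `next_long_link` come from the report.

```c
#include <stdlib.h>

/* Constructed block types for a simplified archive model (not tar's format). */
enum blk { BLK_LONGNAME, BLK_LONGLINK, BLK_FILE, BLK_BAD, BLK_EOF };
enum status { ST_OK, ST_FAIL, ST_EOF };

/* Tiny allocation tracker so the leak is observable without Valgrind. */
static void *live[8];
static void *t_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < 8; i++) if (!live[i]) { live[i] = p; break; }
    return p;
}
static void t_free(void *p) {
    for (int i = 0; p && i < 8; i++) if (live[i] == p) live[i] = NULL;
    free(p);
}
int live_count(void) {              /* buffers allocated and not yet freed */
    int n = 0;
    for (int i = 0; i < 8; i++) n += live[i] != NULL;
    return n;
}
void reclaim(void) {                /* free whatever a leaky call left behind */
    for (int i = 0; i < 8; i++) { free(live[i]); live[i] = NULL; }
}

/* fix_applied == 0: the error path returns directly (the leak pattern).
   fix_applied == 1: every path falls through to the frees before returning. */
enum status read_header_model(const enum blk *in, int fix_applied) {
    char *next_long_name = NULL, *next_long_link = NULL;
    enum status st = ST_OK;
    for (;; in++) {
        if (*in == BLK_LONGNAME || *in == BLK_LONGLINK) {
            char **slot = (*in == BLK_LONGNAME) ? &next_long_name : &next_long_link;
            t_free(*slot);          /* a later long header replaces an earlier one */
            *slot = t_alloc(512);
            if (!*slot) { st = ST_FAIL; break; }
            continue;
        }
        if (*in == BLK_FILE) break; /* ordinary member header ends the loop */
        st = (*in == BLK_EOF) ? ST_EOF : ST_FAIL;
        if (!fix_applied) return st; /* early return: buffers still allocated */
        break;
    }
    t_free(next_long_name);
    t_free(next_long_link);
    return st;
}
```

Running the real binary under Valgrind, as the reporter suggests, gives the same signal that `live_count()` gives here: a nonzero count of blocks still allocated after the routine returns on the error path.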
Created tar tracking bugs for this issue:
Affects: fedora-all [bug 1917631]