CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized...
7.8
Root Cause Analysis
The vulnerability description explicitly mentions the function from_header in list.c. The provided patch URL (https://savannah.gnu.org/patch/?10307) contains a description of the patch and the patch content itself. The patch modifies src/list.c within the from_header function. It adds a bounds check (if (where == lim)) after an initial byte is read and the read pointer (where) is incremented, specifically within the logic for handling base-256 encoded numbers. This directly addresses the described one-byte out-of-bounds read vulnerability. The evidence from the patch content clearly pinpoints the vulnerable code section within from_header and how it was fixed.
The patch content was extracted from the fetched URL https://savannah.gnu.org/patch/?10307:
--- a/src/list.c
+++ b/src/list.c
@@ -711,6 +711,12 @@
if (val & 0x80)
{
/* Negative number. */
+ /* Make sure we don't read past the end of the field. */
+ if (where == lim)
+ {
+ ERROR ((0, 0, _("Unexpected EOF in archive")));
+ return false;
+ }
for (val = 0, digits = TYPE_MAXIMUM (int_type);
where < lim && digits > 0; digits--)
val = (val << 8) | (*where++ & 0xff);
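Review bot: The ERROR text in the added block, "Unexpected EOF in archive", does not match the condition it reports. Per the comment directly above the check, where == lim means the numeric header field ran out of bytes, not that the archive ended, so a message naming the malformed numeric field would point the user at the bad header. The guard could also be written as where >= lim so that it mirrors the where < lim test in the loop that follows and still holds if the pointer were ever advanced past the limit.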
This diff shows the added check within the from_header function, confirming it as the site of the vulnerability and the fix.