Hello,
I've been playing a bit with fuzzers and tar 1.34 compiled with ASAN, and found the following non-exploitable crash:
```
$ ./src/tar -G -g -S --acls --selinux --xattrs -x -O --ignore-failed-read --ignore-command-error -B --warning=none -f ./id:000001*
./src/tar: Archive contains ‘\0appe’ where numeric mode_t value expected
=================================================================
==1019456==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffc9fbc33ad at pc 0x561989b22bc6 bp 0x7ffc9fbc32d0 sp 0x7ffc9fbc2a98
READ of size 2 at 0x7ffc9fbc33ad thread T0
#0 0x561989b22bc5 in strlen (/usr/local/google/home/jvoisin/dev/tar-1.34/src/tar+0x7ebc5) (BuildId: 8e7b576278e0e89042782b10c994241dd79d1c4a)
#1 0x561989bfe09b in xheader_xattr_add /usr/local/google/home/jvoisin/dev/tar-1.34/src/xheader.c:580:17
#2 0x561989c0656b in xattr_decoder /usr/local/google/home/jvoisin/dev/tar-1.34/src/xheader.c:1732:3
#3 0x561989bfef8c in decode_record /usr/local/google/home/jvoisin/dev/tar-1.34/src/xheader.c:743:3
#4 0x561989bfe6c0 in xheader_decode /usr/local/google/home/jvoisin/dev/tar-1.34/src/xheader.c:789:14
#5 0x561989c17831 in decode_header /usr/local/google/home/jvoisin/dev/tar-1.34/src/list.c:711:3
#6 0x561989c152fe in read_and /usr/local/google/home/jvoisin/dev/tar-1.34/src/list.c:194:4
#7 0x561989c4308b in main /usr/local/google/home/jvoisin/dev/tar-1.34/src/tar.c:2806:7
#8 0x7f62b3e29209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#9 0x7f62b3e292bb in __libc_start_main csu/../csu/libc-start.c:389:3
#10 0x561989b0ca80 in _start (/usr/local/google/home/jvoisin/dev/tar-1.34/src/tar+0x68a80) (BuildId: 8e7b576278e0e89042782b10c994241dd79d1c4a)
Address 0x7ffc9fbc33ad is located in stack of thread T0
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow (/usr/local/google/home/jvoisin/dev/tar-1.34/src/tar+0x7ebc5) (BuildId: 8e7b576278e0e89042782b10c994241dd79d1c4a) in strlen
Shadow bytes around the buggy address:
0x100013f70620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013f70630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013f70640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013f70650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013f70660: 00 00 00 00 ca ca ca ca 00 00 00 02 cb cb cb cb
=>0x100013f70670: ca ca ca ca 00[05]cb cb cb cb cb cb 00 00 00 00
0x100013f70680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013f70690: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00
0x100013f706a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100013f706b0: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00
0x100013f706c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1019456==ABORTING
$
```
The reproducer is attached, and you may want to remove the checksum check from tar to reproduce the crash locally.
Cheers,