Problem
https://github.com/moby/moby/blob/master/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go#L124
This line can read any number of \0s at the end of an archive, potentially taking up all the space in RAM.
We actually read the complete padding sequence into memory.
Reproduction
To reproduce, compress a large number of 0s and push and pull the result as an image.
Solution
We should:
- validate the integrity of tar headers
- either refuse large padding sequences or read block by block and write on disk above a certain limit.
/cc @thaJeztah @vdemeester @stevvooe
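The "refuse large padding sequences" option from the Solution list, as an added sketch that is not tar-split's or moby's code: it reads the trailing bytes one 512-byte block at a time and stops once a cap is passed. The names `DrainPadding` and `maxPadding`, the 1 MiB limit, and the rejection of non-zero bytes are assumptions of this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

const blockSize = 512      // tar block size
const maxPadding = 1 << 20 // assumed cap for this example: 1 MiB of trailing padding

var (
	ErrPaddingTooLarge = errors.New("tar: trailing padding exceeds limit")
	ErrPaddingNotZero  = errors.New("tar: non-zero byte in trailing padding")
)

// DrainPadding consumes what follows the last tar entry one block at a time, so
// memory use stays at blockSize however long the padding is. It returns the bytes
// seen and fails once the limit is passed or a non-zero byte appears.
func DrainPadding(r io.Reader, limit int64) (int64, error) {
	var total int64
	buf := make([]byte, blockSize)
	for {
		n, err := io.ReadFull(r, buf)
		for _, b := range buf[:n] {
			if b != 0 {
				return total, ErrPaddingNotZero
			}
		}
		total += int64(n)
		if total > limit {
			return total, ErrPaddingTooLarge
		}
		if err == io.EOF || err == io.ErrUnexpectedEOF {
			return total, nil // clean end of stream
		}
		if err != nil {
			return total, err
		}
	}
}

func main() {
	// Constructed input: 4 MiB of zeros standing in for an oversized padding run.
	n, err := DrainPadding(bytes.NewReader(make([]byte, 4<<20)), maxPadding)
	fmt.Println(n, err)
}
```

The other option in the list, spilling padding to disk above a limit, would replace the early return with a write to a temporary file while keeping the same block-by-block loop.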