From 18251f585e5facc17cca32786fa238c850741bdf Mon Sep 17 00:00:00 2001
From: Vaibhav Gupta
Date: Wed, 10 Sep 2025 11:48:42 +0530
Subject: [PATCH 1/2] gh-137396: Guard against negative offset in tarfile (GH-XXXXX)
---
 Lib/tarfile.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Lib/tarfile.py b/Lib/tarfile.py
index 7db3a40c9b33cf..9a98039dc80181 100644
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -1437,7 +1437,7 @@ def _proc_sparse(self, tarfile):
 numbytes = nti(buf[pos + 12:pos + 24])
 except ValueError:
 break
- if offset and numbytes:
+ if offset >= 0 and numbytes >= 0:
 structs.append((offset, numbytes))
 pos += 24
 isextended = bool(buf[504])
From 3812d6edb72b86cf66dce095aa62a7e89dbc4203 Mon Sep 17 00:00:00 2001
From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com>
Date: Wed, 10 Sep 2025 06:42:16 +0000
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../next/Library/2025-09-10-06-42-15.gh-issue-137396.dtx0B3.rst | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Misc/NEWS.d/next/Library/2025-09-10-06-42-15.gh-issue-137396.dtx0B3.rst
diff --git a/Misc/NEWS.d/next/Library/2025-09-10-06-42-15.gh-issue-137396.dtx0B3.rst b/Misc/NEWS.d/next/Library/2025-09-10-06-42-15.gh-issue-137396.dtx0B3.rst
new file mode 100644
index 00000000000000..c553b8de328882
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-09-10-06-42-15.gh-issue-137396.dtx0B3.rst
@@ -0,0 +1 @@
+tarfile: Fix parsing of GNU sparse headers by disallowing negative values for offset and numbytes.
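Review bot: In the `Lib/tarfile.py` hunk, the new test `offset >= 0 and numbytes >= 0` silently skips a negative entry and keeps parsing, so a malformed archive is still accepted with a partial sparse map. Dropping the old truthiness test also means zero-valued pairs are now appended to `structs`, which would include unused zero-filled slots in an extended block if `nti` decodes them as 0. I would treat a negative field as a corrupt header and keep padding out of the map: `if offset < 0 or numbytes < 0: raise InvalidHeaderError("invalid sparse entry")` followed by `if offset or numbytes: structs.append((offset, numbytes))`, assuming callers on this path already handle header errors. The body of `_proc_sparse` starts and ends outside the hunk, so any sparse entries collected before this loop should get the same bound. The series also adds no regression test for a negative offset or size field.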