fix: consistent TOCTOU behavior in sync t.list

This brings the TOCTOU handling behavior in t.list synchronous behavior
to be the same as the async behavior, and other high-level methods.

That is, if there is a write to a file after testing its size, then the
*smaller* data size will be used, rather than potentially trying to read
too much data into memory all at once.

PR-URL: #444
Credit: @fabasoad
Close: #444
Reviewed-by: @isaacs

Author: fabasoad

src/list.ts

@@ -57,16 +57,18 @@ export const filesFilter = (opt: TarOptions, files: string[]) => {
 const listFileSync = (opt: TarOptionsSyncFile) => {
   const p = new Parser(opt)
   const file = opt.file
-  let fd
+  let fd: number | undefined
   try {
-    const stat = fs.statSync(file)
-    const readSize = opt.maxReadSize || 16 * 1024 * 1024
+    fd = fs.openSync(file, 'r')
+    const stat: fs.Stats = fs.fstatSync(fd)
+    const readSize: number = opt.maxReadSize || 16 * 1024 * 1024
     if (stat.size < readSize) {
-      p.end(fs.readFileSync(file))
+      const buf = Buffer.allocUnsafe(stat.size)
+      fs.readSync(fd, buf, 0, stat.size, 0)
+      p.end(buf)
     } else {
       let pos = 0
       const buf = Buffer.allocUnsafe(readSize)
-      fd = fs.openSync(file, 'r')
       while (pos < stat.size) {
         const bytesRead = fs.readSync(fd, buf, 0, readSize, pos)
         pos += bytesRead