Heap Buffer Overflow on bchunk v1.2.1 and v1.2.0 #2
Description
I discovered a heap buffer overflow bug in bchunk v1.2.1 and v1.2.0. The issue was discovered and can be replicated on a 32-bit Ubuntu machine; for instance, I discovered it on Linux ubuntu 4.10.0-32-generic #36~16.04.1-Ubuntu SMP Wed Aug 9 09:18:53 UTC 2017 i686 i686 i686 GNU/Linux
The following is some stack trace information. Please kindly advise how and where I can share the full output with more details, as well as the PoC files needed to replicate the issue:
# bchunk any.bin $FILE /dev/null
ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5f00b91 at pc 0x080a717e bp 0xbf8b8f18 sp 0xbf8b8af0
WRITE of size 24 at 0xb5f00b91 thread T0
#0 0x80a717d (/opt/targetApps/asan/bchunk-1.2.1/bchunk+0x80a717d)
#1 0x80a724b (/opt/targetApps/asan/bchunk-1.2.1/bchunk+0x80a724b)
#2 0x81337e9 (/opt/targetApps/asan/bchunk-1.2.1/bchunk+0x81337e9)
#3 0x8135b2a (/opt/targetApps/asan/bchunk-1.2.1/bchunk+0x8135b2a)
#4 0xb748c636 (/lib/i386-linux-gnu/libc.so.6+0x18636)
#5 0x805ecd7 (/opt/targetApps/asan/bchunk-1.2.1/bchunk+0x805ecd7)
I emailed the author a few days ago, but I don't think he still maintains the code, since v1.2.0 was published in 2004. However, this project's v1.2.1 was published in 2016, so I believe it is still maintained. This seems to be the only active upstream for bchunk. If this is not the right place to report the issue, please kindly point me in the right direction. Thanks a lot!