Memory leak when decoding LZMA #1165
Comments
Yeah, it's not freeing the decoder on error.

Note that calling For the test driver in the gist, I see the output:

Thank you, there is an ugly preprocessor typo in archive_read_format_zip_cleanup()!

Thanks for the fix! This has been assigned CVE-2019-11463 by MITRE.

@rohanpadhye This is very interesting because the zipx lzma support code was not released yet, so an affected version doesn't exist.

Oops. This is my bad, since I filed the report. I referenced the release date of v3.3.3 rather than the commit date. I see now that the bug appears only in 3.3.4dev. I'll request to have the CVE record amended at once.
I've encountered a memory leak while fuzzing libarchive. A 32-byte reproducer input is attached: input.zip. Do not extract this zip file -- it is the fuzzed input itself.

To reproduce, build latest libarchive with ASAN (clang -fsanitize=address) and run:

Without ASAN, this can also be reproduced using Valgrind:
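The failure mode the thread describes (a decoder allocated during format initialisation and then dropped on an error return, which ASAN or Valgrind report as a leak) in a reduced form, as an added example that is not libarchive's code. The `init_leaky` and `init_fixed` functions, the `decoder` struct, the header check and the sample headers are all hypothetical and constructed for this illustration; the small registry of live objects stands in for the leak tracking a sanitizer would do, so the leak is observable without one.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical decoder state; not libarchive's own structure. */
struct decoder {
    unsigned char *dict;
    size_t dict_size;
};

/* Tiny registry of live decoders, standing in for what ASAN/Valgrind
 * track: anything still registered when we are done is a leak. */
#define MAX_LIVE 16
static struct decoder *live[MAX_LIVE];

static int registry_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] != NULL) n++;
    return n;
}

static struct decoder *decoder_new(size_t dict_size) {
    struct decoder *d = calloc(1, sizeof *d);
    if (d == NULL) return NULL;
    d->dict = malloc(dict_size);
    if (d->dict == NULL) { free(d); return NULL; }
    d->dict_size = dict_size;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = d; return d; }
    free(d->dict); free(d);   /* registry full: treat as allocation failure */
    return NULL;
}

static void decoder_free(struct decoder *d) {
    if (d == NULL) return;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == d) live[i] = NULL;
    free(d->dict);
    free(d);
}

/* Free everything still registered and return how many objects that was. */
static int registry_reclaim(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] != NULL) { decoder_free(live[i]); n++; }
    return n;
}

/* Constructed header check: the first byte must be a known properties value. */
static int header_valid(const unsigned char *hdr, size_t len) {
    return len >= 1 && hdr[0] == 0x5d;
}

/* Leaky version: allocates the decoder, then returns early on a bad
 * header without releasing it (the pattern the thread describes). */
static int init_leaky(const unsigned char *hdr, size_t len, struct decoder **out) {
    struct decoder *d = decoder_new(4096);
    if (d == NULL) return -1;
    if (!header_valid(hdr, len))
        return -1;               /* BUG: d is dropped here */
    *out = d;
    return 0;
}

/* Fixed version: the error path after allocation frees the decoder. */
static int init_fixed(const unsigned char *hdr, size_t len, struct decoder **out) {
    struct decoder *d = decoder_new(4096);
    if (d == NULL) return -1;
    if (!header_valid(hdr, len)) {
        decoder_free(d);
        return -1;
    }
    *out = d;
    return 0;
}

typedef int (*init_fn)(const unsigned char *, size_t, struct decoder **);

/* Feed one init function a malformed header, then report how many decoder
 * objects were left registered (0 means no leak) and reclaim them. */
static int leaks_on_bad_header(init_fn init) {
    static const unsigned char bad_hdr[4] = { 0xff, 0x00, 0x00, 0x00 }; /* constructed */
    struct decoder *d = NULL;
    if (init(bad_hdr, sizeof bad_hdr, &d) == 0)
        decoder_free(d);
    return registry_reclaim();
}

/* Same with a well-formed header: both versions must hand back a decoder
 * and leave nothing registered once the caller frees it. */
static int works_on_good_header(init_fn init) {
    static const unsigned char good_hdr[4] = { 0x5d, 0x00, 0x00, 0x00 }; /* constructed */
    struct decoder *d = NULL;
    int ok = init(good_hdr, sizeof good_hdr, &d) == 0 && d != NULL;
    decoder_free(d);
    return ok && registry_count() == 0;
}

int main(void) {
    printf("leaky: %d decoder(s) leaked on bad header\n", leaks_on_bad_header(init_leaky));
    printf("fixed: %d decoder(s) leaked on bad header\n", leaks_on_bad_header(init_fixed));
    return 0;
}
```

The point of the registry is that a leak on an error path is invisible to ordinary tests, which only check return codes: both versions return -1 on the malformed header, and only counting what is still allocated afterwards tells them apart. That is exactly what running the fuzzer under ASAN or Valgrind adds.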