
malformed cab segfaults bsdtar #505

Open

Original issue 397 created by Google Code user hanno@hboeck.de on 2015-02-03T03:55:02.000Z:

What steps will reproduce the problem?
1. bsdtar -xf segf.cab
2. segfault

What version are you using?
git head (e6c9668f3202215ddb71617b41c19b6f05acf008)

On what operating system?
Linux

How did you build? (cmake, configure, or pre-packaged binary)
cmake

What compiler or development environment (please include version)?
gcc 4.9.2

Please provide any additional information below.
Found with american fuzzy lop

==20101== Invalid read of size 1
==20101==    at 0x411867: strip_absolute_path (in /mnt/ram/libarchive/plain/bin/bsdtar)
==20101==    by 0x41252A: edit_pathname (in /mnt/ram/libarchive/plain/bin/bsdtar)
==20101==    by 0x410A46: tar_mode_x (in /mnt/ram/libarchive/plain/bin/bsdtar)
==20101==    by 0x40EB13: main (in /mnt/ram/libarchive/plain/bin/bsdtar)
==20101==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

Looks like a null ptr. Will attach asan and valgrind output.

See attachment: segf.cab
See attachment: segf.cab.asan.txt
See attachment: segf.cab.valgrind.log
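The trace above shows strip_absolute_path reading address 0, i.e. the entry pathname handed to it by edit_pathname was NULL for this malformed CAB. The following is an added, simplified stand-in for that code path (hypothetical names ending in _safe; not libarchive's or bsdtar's own code) showing the defensive shape: the path-stripping routine tolerates a NULL name, and the caller rejects an entry that has no usable name instead of dereferencing it.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical simplification of bsdtar's strip_absolute_path(): remove
 * leading '/' characters and leading ".." components, returning a pointer
 * into the same buffer and flagging whether anything was stripped.
 * A NULL name (what the malformed CAB produced) is returned as NULL rather
 * than being read, which is the read of size 1 at address 0 in the trace. */
static const char *strip_absolute_path_safe(const char *name, int *stripped)
{
    *stripped = 0;
    if (name == NULL)               /* entry without a pathname */
        return NULL;
    for (;;) {
        if (name[0] == '/') {
            name++;
            *stripped = 1;
        } else if (name[0] == '.' && name[1] == '.' &&
                   (name[2] == '/' || name[2] == '\0')) {
            name += (name[2] == '/') ? 3 : 2;
            *stripped = 1;
        } else {
            break;
        }
    }
    return name;
}

/* Hypothetical stand-in for edit_pathname(): returns -1 to tell the
 * extractor to skip the entry when no usable name remains, otherwise 0 or 1
 * (1 = an absolute or parent-relative prefix was stripped). */
int edit_pathname_safe(const char *name, const char **out)
{
    int stripped;
    const char *p = strip_absolute_path_safe(name, &stripped);
    if (p == NULL || p[0] == '\0') {
        *out = NULL;
        return -1;                  /* skip entry instead of crashing */
    }
    *out = p;
    return stripped;
}
```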
