Original issue 398 created by Google Code user hanno@hboeck.de on 2015-02-03T03:57:29.000Z:
<b>What steps will reproduce the problem?</b>
1. bsdtar -xf memcpy with either valgrind or address sanitizer will show overlapping memcpy command
<b>What version are you using?</b>
git head (e6c9668f3202215ddb71617b41c19b6f05acf008)
<b>On what operating system?</b>
Linux
<b>How did you build? (cmake, configure, or pre-packaged binary)</b>
cmake
<b>What compiler or development environment (please include version)?</b>
gcc 4.9.2
<b>Please provide any additional information below.</b>
Found with american fuzzy lop.
==20141==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x60300000ee60,0x60300000ee62) and [0x60300000ee61, 0x60300000ee63) overlap
#0 0x7f0173ebde94 (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x2fe94)
#1 0x6687fa in memcpy /usr/include/bits/string3.h:51
#2 0x6687fa in archive_string_append /mnt/ram/libarchive/libarchive/archive_string.c:206
#3 0x6687fa in archive_strncat /mnt/ram/libarchive/libarchive/archive_string.c:342
#4 0x6687fa in archive_mstring_copy_mbs_len /mnt/ram/libarchive/libarchive/archive_string.c:4051
#5 0x6687fa in archive_mstring_copy_mbs /mnt/ram/libarchive/libarchive/archive_string.c:4039
#6 0x430626 in edit_pathname /mnt/ram/libarchive/tar/util.c:555
#7 0x425c4b in read_archive /mnt/ram/libarchive/tar/read.c:331
#8 0x425c4b in tar_mode_x /mnt/ram/libarchive/tar/read.c:104
#9 0x415789 in main /mnt/ram/libarchive/tar/bsdtar.c:805
#10 0x7f0172b04f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
#11 0x41b10d (/mnt/ram/libarchive/b/bin/bsdtar+0x41b10d)
Will attach full asan and valgrind output.
Comment #1 originally posted by kientzle on 2015-02-07T07:04:48.000Z:
Thank you again! I appreciate your reporting these issues.
I believe this is completely fixed by git commit b6ba560.
In particular, archive_string_append() now uses memmove() to copy the string into the correct location in the string buffer, which should correctly handle cases where the source string was parsed from the string buffer itself.
See attachment: memcpy.cab
See attachment: memcpy.cab.asan.log
See attachment: memcpy.cab.valgrind.log
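To illustrate the aliasing case the fix comment describes (a string being copied into the very buffer it was parsed from, so the memcpy source and destination overlap), here is an added example. It is not libarchive's code: `struct sbuf`, `sbuf_reserve`, `sbuf_append` and `sbuf_assign` are hypothetical names, modeled loosely on the append-to-growable-buffer pattern in the stack trace. It shows the two hazards such an append has to handle when the source points inside its own buffer: the copy ranges may overlap (so `memmove` is required, not `memcpy`), and a `realloc` during growth can move the buffer out from under the source pointer (so the source must be tracked as an offset).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical minimal growable string buffer (not archive_string). */
struct sbuf {
    char *s;      /* NUL-terminated contents, or NULL when empty */
    size_t len;   /* bytes in use, excluding the NUL */
    size_t cap;   /* bytes allocated */
};

/* Make room for `need` more bytes plus a NUL. Returns the (possibly new)
   base pointer, or NULL on allocation failure. */
static char *sbuf_reserve(struct sbuf *b, size_t need) {
    size_t want = b->len + need + 1;
    if (want <= b->cap)
        return b->s;
    size_t ncap = b->cap ? b->cap : 16;
    while (ncap < want)
        ncap *= 2;
    char *ns = realloc(b->s, ncap);
    if (ns == NULL)
        return NULL;
    b->s = ns;
    b->cap = ncap;
    return ns;
}

/* Append n bytes from p. p is allowed to point inside b->s, which is the
   situation from the report: the caller parsed a substring out of the
   buffer and hands it back to be stored in the same buffer. */
int sbuf_append(struct sbuf *b, const char *p, size_t n) {
    /* Hazard 1: if p aliases our buffer, realloc may move the buffer, so
       remember the source as an offset rather than a raw pointer. The
       check uses cap, not len, because a caller may have reset len first. */
    size_t src_off = (size_t)-1;
    if (b->s != NULL && p >= b->s && p < b->s + b->cap)
        src_off = (size_t)(p - b->s);
    if (sbuf_reserve(b, n) == NULL)
        return -1;
    if (src_off != (size_t)-1)
        p = b->s + src_off;
    /* Hazard 2: source and destination may overlap (e.g. shifting the
       contents left by a few bytes), which makes memcpy undefined
       behaviour and is exactly what ASan flagged; memmove is defined. */
    memmove(b->s + b->len, p, n);
    b->len += n;
    b->s[b->len] = '\0';
    return 0;
}

/* Replace the contents of b with the n bytes at p; p may alias b->s. */
int sbuf_assign(struct sbuf *b, const char *p, size_t n) {
    b->len = 0;
    return sbuf_append(b, p, n);
}

/* Overlap case: strip a leading "./" from a path held in the buffer and
   store the result back into the same buffer. Returns 1 on success. */
int demo_strip_in_place(void) {
    struct sbuf b = {NULL, 0, 0};
    if (sbuf_append(&b, "./dir/file.txt", 14) != 0)
        return 0;
    const char *stripped = b.s + 2;            /* points into b.s itself */
    if (sbuf_assign(&b, stripped, strlen(stripped)) != 0)
        return 0;
    int ok = (b.len == 12 && strcmp(b.s, "dir/file.txt") == 0);
    free(b.s);
    return ok;
}

/* Realloc case: append the buffer to itself so growth moves the buffer
   while the source still points at the old block. Returns 1 on success. */
int demo_self_append(void) {
    struct sbuf b = {NULL, 0, 0};
    if (sbuf_append(&b, "0123456789", 10) != 0)
        return 0;
    if (sbuf_append(&b, b.s, b.len) != 0)      /* forces growth past 16 */
        return 0;
    int ok = (b.len == 20 && strcmp(b.s, "01234567890123456789") == 0);
    free(b.s);
    return ok;
}

int main(void) {
    printf("strip in place: %s\n", demo_strip_in_place() ? "ok" : "FAIL");
    printf("self append:    %s\n", demo_self_append() ? "ok" : "FAIL");
    return 0;
}
```

Building this with `-fsanitize=address` and swapping the `memmove` for `memcpy` reproduces the same `memcpy-param-overlap` class of report as in the trace above, which is a quick way to confirm that a sanitizer run will catch a regression of this kind.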