Invalid read / heap-buffer-overflow on malformed lzh/lha files #510

Closed
kwrobot opened this Issue Apr 11, 2015 · 1 comment


kwrobot commented Apr 11, 2015

Original issue 402 created by Google Code user hanno@hboeck.de on 2015-02-07T10:48:28.000Z:

Attached file will expose an invalid read access in bsdtar. Can be seen with address sanitizer or valgrind.

bsdtar -xf bsdtar-invalid-read.lzh

Version: git head 78e5fd4e8756b6c23c310d7c11722f663383b39c

asan backtrace:
==8312==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000ef4f at pc 0x560ded bp 0x7fff051276b0 sp 0x7fff051276a0
READ of size 1 at 0x60300000ef4f thread T0
    #0 0x560dec in lha_read_file_extended_header libarchive/archive_read_support_format_lha.c:1216
    #1 0x566316 in lha_read_file_header_2 libarchive/archive_read_support_format_lha.c:995
    #2 0x566316 in archive_read_format_lha_read_header libarchive/archive_read_support_format_lha.c:577
    #3 0x46c4d2 in _archive_read_next_header2 libarchive/archive_read.c:645
    #4 0x46c4d2 in _archive_read_next_header libarchive/archive_read.c:685
    #5 0x41b0b2 in read_archive tar/read.c:252
    #6 0x41d243 in tar_mode_x tar/read.c:104
    #7 0x40d78f in main tar/bsdtar.c:805
    #8 0x7fdde6856f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #9 0x412d81 (/mnt/ram/libarchive/bsdtar+0x412d81)

See attachment: bsdtar-invalid-read.lzh
See attachment: bsdtar-invalid-read.lzh.asan.txt
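
For triaging reports like the one above, an added example (not part of the original issue or of libarchive) that parses an ASan report into bug class, access type and symbolized frames, then derives a deduplication key for crash buckets. The function names `parse_asan` and `bucket_key` are hypothetical; the sample text is the trace quoted in this issue.

```python
import re

# Sample input: the ASan report quoted in the issue above.
SAMPLE_REPORT = """\
==8312==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000ef4f at pc 0x560ded bp 0x7fff051276b0 sp 0x7fff051276a0
READ of size 1 at 0x60300000ef4f thread T0
    #0 0x560dec in lha_read_file_extended_header libarchive/archive_read_support_format_lha.c:1216
    #1 0x566316 in lha_read_file_header_2 libarchive/archive_read_support_format_lha.c:995
    #2 0x566316 in archive_read_format_lha_read_header libarchive/archive_read_support_format_lha.c:577
    #3 0x46c4d2 in _archive_read_next_header2 libarchive/archive_read.c:645
    #4 0x46c4d2 in _archive_read_next_header libarchive/archive_read.c:685
    #5 0x41b0b2 in read_archive tar/read.c:252
    #6 0x41d243 in tar_mode_x tar/read.c:104
    #7 0x40d78f in main tar/bsdtar.c:805
    #8 0x7fdde6856f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #9 0x412d81 (/mnt/ram/libarchive/bsdtar+0x412d81)
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
# Symbolized frame: "#N 0xPC in function path/file.c:line"
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)\s*$", re.M)


def parse_asan(report):
    """Extract bug class, access kind/size and symbolized source frames."""
    err = ERROR_RE.search(report)
    acc = ACCESS_RE.search(report)
    frames = [(m.group(2), m.group(3), int(m.group(4)))
              for m in FRAME_RE.finditer(report)]
    return {
        "bug": err.group(1) if err else None,
        "access": acc.group(1) if acc else None,
        "size": int(acc.group(2)) if acc else None,
        "frames": frames,
    }


def bucket_key(report, depth=3):
    """Stable dedup key: bug class, access kind, top `depth` function names.

    Addresses and line numbers are left out so ASLR or a rebuild does not
    split one bug into several buckets.
    """
    info = parse_asan(report)
    funcs = [f for f, _, _ in info["frames"][:depth]]
    return "|".join([str(info["bug"]), str(info["access"])] + funcs)
```

Frames without source information (the libc and raw-address frames here) are skipped, so the key depends only on project code.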


kwrobot Apr 11, 2015

Comment #1 originally posted by kientzle on 2015-02-07T21:55:02.000Z:

This should be fixed in git commit e8a2e4d

Thanks for all your help identifying these problems!
