Invalid read / heap-buffer-overflow on malformed lzh/lha files #510

Closed
@kwrobot

Original issue 402 created by Google Code user hanno@hboeck.de on 2015-02-07T10:48:28.000Z:

Attached file will expose an invalid read access in bsdtar. Can be seen with address sanitizer or valgrind.

bsdtar -xf bsdtar-invalid-read.lzh

Version: git head 78e5fd4e8756b6c23c310d7c11722f663383b39c

asan backtrace:
==8312==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000ef4f at pc 0x560ded bp 0x7fff051276b0 sp 0x7fff051276a0
READ of size 1 at 0x60300000ef4f thread T0
    #0 0x560dec in lha_read_file_extended_header libarchive/archive_read_support_format_lha.c:1216
    #1 0x566316 in lha_read_file_header_2 libarchive/archive_read_support_format_lha.c:995
    #2 0x566316 in archive_read_format_lha_read_header libarchive/archive_read_support_format_lha.c:577
    #3 0x46c4d2 in _archive_read_next_header2 libarchive/archive_read.c:645
    #4 0x46c4d2 in _archive_read_next_header libarchive/archive_read.c:685
    #5 0x41b0b2 in read_archive tar/read.c:252
    #6 0x41d243 in tar_mode_x tar/read.c:104
    #7 0x40d78f in main tar/bsdtar.c:805
    #8 0x7fdde6856f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #9 0x412d81 (/mnt/ram/libarchive/bsdtar+0x412d81)

See attachment: bsdtar-invalid-read.lzh
See attachment: bsdtar-invalid-read.lzh.asan.txt
