Original issue 402 created by Google Code user hanno@hboeck.de on 2015-02-07T10:48:28.000Z:
Attached file will expose an invalid read access in bsdtar. Can be seen with address sanitizer or valgrind.
bsdtar -xf bsdtar-invalid-read.lzh
Version: git head 78e5fd4e8756b6c23c310d7c11722f663383b39c
asan backtrace:
==8312==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000ef4f at pc 0x560ded bp 0x7fff051276b0 sp 0x7fff051276a0
READ of size 1 at 0x60300000ef4f thread T0
#0 0x560dec in lha_read_file_extended_header libarchive/archive_read_support_format_lha.c:1216
#1 0x566316 in lha_read_file_header_2 libarchive/archive_read_support_format_lha.c:995
#2 0x566316 in archive_read_format_lha_read_header libarchive/archive_read_support_format_lha.c:577
#3 0x46c4d2 in _archive_read_next_header2 libarchive/archive_read.c:645
#4 0x46c4d2 in _archive_read_next_header libarchive/archive_read.c:685
#5 0x41b0b2 in read_archive tar/read.c:252
#6 0x41d243 in tar_mode_x tar/read.c:104
#7 0x40d78f in main tar/bsdtar.c:805
#8 0x7fdde6856f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
#9 0x412d81 (/mnt/ram/libarchive/bsdtar+0x412d81)
Original issue 402 created by Google Code user
hanno@hboeck.deon 2015-02-07T10:48:28.000Z:See attachment: bsdtar-invalid-read.lzh
See attachment: bsdtar-invalid-read.lzh.asan.txt
The text was updated successfully, but these errors were encountered: