Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

malformed mtree file causes invalid read access #512

kwrobot opened this issue Apr 11, 2015 · 1 comment


Copy link

@kwrobot kwrobot commented Apr 11, 2015

Original issue 404 created by Google Code user on 2015-02-07T11:30:42.000Z:

Attached file will cause an invalid read access in bsdtar. Can be seen with address sanitizer.

==30629==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000847ce2 at pc 0x43a436 bp 0x7fff284b4830 sp 0x7fff284b4820
READ of size 6 at 0x000000847ce2 thread T0
    #0 0x43a435 in ae_strtofflags libarchive/archive_entry.c:1753
    #1 0x43a435 in archive_entry_copy_fflags_text libarchive/archive_entry.c:808
    #2 0x577450 in parse_keyword libarchive/archive_read_support_format_mtree.c:1474
    #3 0x5795d4 in parse_line libarchive/archive_read_support_format_mtree.c:1315
    #4 0x5795d4 in parse_file libarchive/archive_read_support_format_mtree.c:1094
    #5 0x5795d4 in read_header libarchive/archive_read_support_format_mtree.c:1061
    #6 0x46c4d2 in _archive_read_next_header2 libarchive/archive_read.c:645
    #7 0x46c4d2 in _archive_read_next_header libarchive/archive_read.c:685
    #8 0x41b0b2 in read_archive tar/read.c:252
    #9 0x41d243 in tar_mode_x tar/read.c:104
    #10 0x40d78f in main tar/bsdtar.c:805
    #11 0x7f6795838f9f in __libc_start_main (/lib64/
    #12 0x412d81 (/mnt/ram/libarchive/bsdtar+0x412d81)

Will attach full asan output. Found with american fuzzy lop.

See attachment: invalid-read-overflow.mtree
See attachment: invalid-read-overflow.mtree.asan.txt


This comment has been minimized.

Copy link

@kwrobot kwrobot commented Apr 11, 2015

Comment #1 originally posted by kientzle on 2015-02-07T21:03:39.000Z:

I believe this is completely fixed by git commit 1cbc76f

Thanks for your help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.