Segfault on malformed zip files #514

Closed
kwrobot opened this issue Apr 11, 2015 · 1 comment

@kwrobot
commented Apr 11, 2015

Original issue 406 created by Google Code user hanno@hboeck.de on 2015-02-07T23:04:41.000Z:

I'm attaching these all to one bug, although I'm not sure if this is all the same bug. All three attached files will cause a segfault in the function process_extra. But the call traces are different.
variant3 doesn't segfault without address sanitizer.

I've attached the crashing files and address sanitizer output. All found with american fuzzy lop.

See attachment: bsdtar-zip-crash-variant1.zip
See attachment: bsdtar-zip-crash-variant1.zip.asan.txt
See attachment: bsdtar-zip-crash-variant2.zip
See attachment: bsdtar-zip-crash-variant2.zip.asan.txt
See attachment: bsdtar-zip-crash-variant3.zip
See attachment: bsdtar-zip-crash-variant3.zip.asan.txt

@kwrobot

commented Apr 11, 2015

Comment #1 originally posted by kientzle on 2015-02-08T20:51:59.000Z:

I believe this is completely fixed in git commit 9e0689c

Thank you again for your help!

@kwrobot kwrobot closed this Apr 11, 2015
