malformed tar file causes heap read overflow #515

Closed
kwrobot opened this issue Apr 11, 2015 · 1 comment

commented Apr 11, 2015

Original issue 407 created by Google Code user hanno@hboeck.de on 2015-02-09T00:21:38.000Z:

One more malformed tar file that causes an invalid memory access in bsdtar (latest git):

==3220==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000e9ac at pc 0x742282 bp 0x7fff35ba0fd0 sp 0x7fff35ba0fc0
READ of size 4 at 0x60300000e9ac thread T0
    #0 0x742281 in archive_read_format_tar_read_header libarchive/archive_read_support_format_tar.c:520
    #1 0x4b3c63 in _archive_read_next_header2 libarchive/archive_read.c:645
    #2 0x4b3c63 in _archive_read_next_header libarchive/archive_read.c:685
    #3 0x42a29a in read_archive tar/read.c:252
    #4 0x42d6d2 in tar_mode_x tar/read.c:104
    #5 0x414a3f in main tar/bsdtar.c:805
    #6 0x7fdaeb660f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #7 0x41a5cd (/mnt/ram/libarchive/bsdtar+0x41a5cd)

See attachment: tar-heap-overflow.tar
See attachment: tar-heap-overflow.tar.asan.txt

@kwrobot

commented Apr 11, 2015

Comment #1 originally posted by kientzle on 2015-02-21T17:38:58.000Z:

I believe this is fixed in

[master bb9b157] Issue 407: Tar reader tries to examine last character of an empty filename
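
An added illustration of the bug class named in the fix title (not libarchive's code and not part of the original thread): testing the last character of a tar header name with and without a guard for the empty name. The function names are hypothetical, the sample header is constructed, and treating the last-character check as a trailing `/` test is an assumption the thread does not state.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAR_BLOCK    512
#define TAR_NAME_LEN 100  /* ustar name field: bytes 0..99, NUL-padded */

/* Length of the name field; a full 100-byte name has no terminating NUL. */
size_t tar_name_length(const unsigned char *block)
{
    const unsigned char *nul = memchr(block, '\0', TAR_NAME_LEN);
    return nul ? (size_t)(nul - block) : TAR_NAME_LEN;
}

/* Unchecked form: with len == 0 the index underflows and the read lands
 * outside the buffer. Shown for contrast only; never called below. */
int ends_with_slash_unchecked(const char *name, size_t len)
{
    return name[len - 1] == '/';
}

/* Checked form: an empty name has no last character to examine. */
int ends_with_slash(const char *name, size_t len)
{
    return len > 0 && name[len - 1] == '/';
}

/* Hypothetical helper: does this header's name mark a directory? */
int tar_entry_looks_like_dir(const unsigned char *block)
{
    return ends_with_slash((const char *)block, tar_name_length(block));
}

/* Build a constructed header block holding only a name (sample input). */
void make_header(unsigned char *block, const char *name)
{
    size_t n = strlen(name);
    memset(block, 0, TAR_BLOCK);
    memcpy(block, name, n < TAR_NAME_LEN ? n : TAR_NAME_LEN);
}

int main(void)
{
    unsigned char block[TAR_BLOCK];
    make_header(block, "");  /* the empty-name case from the report */
    printf("empty name -> dir=%d\n", tar_entry_looks_like_dir(block));
    return 0;
}
```

Building a parser like this with `-fsanitize=address` and feeding it an empty-name header is how the unchecked form shows up as the kind of out-of-bounds read reported above.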
