Invalid read access on malformed mtree file in function read_mtree #516

Closed
kwrobot opened this Issue Apr 11, 2015 · 1 comment


kwrobot commented Apr 11, 2015

Original issue 408 created by Google Code user hanno@hboeck.de on 2015-02-10T08:14:31.000Z:

Attached malformed mtree file causes an invalid memory read access in bsdtar. Found with american fuzzy lop.

READ of size 3 at 0x60600000eede thread T0
    #0 0x57f892 in memmove /usr/include/bits/string3.h:57
    #1 0x57f892 in readline libarchive/archive_read_support_format_mtree.c:1976
    #2 0x57f892 in read_mtree libarchive/archive_read_support_format_mtree.c:964
    #3 0x57f892 in read_header libarchive/archive_read_support_format_mtree.c:1034
    #4 0x46cb6c in _archive_read_next_header2 libarchive/archive_read.c:645
    #5 0x46cb6c in _archive_read_next_header libarchive/archive_read.c:685
    #6 0x41bf76 in read_archive tar/read.c:252
    #7 0x41e09b in tar_mode_x tar/read.c:104
    #8 0x40d433 in main tar/bsdtar.c:805
    #9 0x7fc9bdd2ff9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #10 0x412d31 (/mnt/ram/libarchive/bsdtar+0x412d31)

See attachment: read_mtree.mtree
See attachment: read_mtree.mtree.asan.txt

kwrobot commented Apr 11, 2015

Comment #1 originally posted by kientzle on 2015-02-21T19:14:14.000Z:

I believe this is fixed by

commit 1e18cbb71515a22b2a6f1eb4aaadea461929b834
Author: Tim Kientzle <kientzle@acm.org>
Date:   Sat Feb 21 10:37:48 2015 -0800

    Issue 408: Fix escaped newline parsing
