Original issue 413 created by Google Code user hanno@hboeck.de on 2015-03-05T09:37:02.000Z:
Attached file will cause an invalid read access in the function copy_from_lzss_window(). This can be seen with address sanitizer or valgrind.
Found with american fuzzy lop.
Address Sanitizer crash dump:
==30812==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ed74 at pc 0x00000048f530 bp 0x7fffaf958c70 sp 0x7fffaf958430
READ of size 48 at 0x60200000ed74 thread T0
#0 0x48f52f in __asan_memcpy (/mnt/ram/libarchive-master/bsdtar+0x48f52f)
#1 0x624619 in copy_from_lzss_window /mnt/ram/libarchive-master/libarchive/archive_read_support_format_rar.c:2888:7
#2 0x61ddfd in read_data_compressed /mnt/ram/libarchive-master/libarchive/archive_read_support_format_rar.c:2029:11
#3 0x61ddfd in archive_read_format_rar_read_data /mnt/ram/libarchive-master/libarchive/archive_read_support_format_rar.c:1025
#4 0x5223cd in _archive_read_data_block /mnt/ram/libarchive-master/libarchive/archive_read.c:969:9
#5 0x6c7d03 in archive_read_data_block /mnt/ram/libarchive-master/libarchive/archive_virtual.c:161:10
#6 0x54a542 in copy_data /mnt/ram/libarchive-master/libarchive/archive_read_extract2.c:139:7
#7 0x54a542 in archive_read_extract2 /mnt/ram/libarchive-master/libarchive/archive_read_extract2.c:101
#8 0x4d2931 in read_archive /mnt/ram/libarchive-master/tar/read.c:361:9
#9 0x4d3a83 in tar_mode_x /mnt/ram/libarchive-master/tar/read.c:104:2
#10 0x4c8d94 in main /mnt/ram/libarchive-master/tar/bsdtar.c:805:3
#11 0x7fd53b4abf9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
#12 0x4c412c in _start (/mnt/ram/libarchive-master/bsdtar+0x4c412c)
0x60200000ed74 is located 0 bytes to the right of 4-byte region [0x60200000ed70,0x60200000ed74)
allocated by thread T0 here:
#0 0x4a6d8e in realloc (/mnt/ram/libarchive-master/bsdtar+0x4a6d8e)
#1 0x62726f in parse_codes /mnt/ram/libarchive-master/libarchive/archive_read_support_format_rar.c:2295:18
#2 0x617ea1 in read_data_compressed /mnt/ram/libarchive-master/libarchive/archive_read_support_format_rar.c:1921:41
#3 0x617ea1 in archive_read_format_rar_read_data /mnt/ram/libarchive-master/libarchive/archive_read_support_format_rar.c:1025
#4 0x5223cd in _archive_read_data_block /mnt/ram/libarchive-master/libarchive/archive_read.c:969:9
#5 0x4d2931 in read_archive /mnt/ram/libarchive-master/tar/read.c:361:9
#6 0x4d3a83 in tar_mode_x /mnt/ram/libarchive-master/tar/read.c:104:2
#7 0x4c8d94 in main /mnt/ram/libarchive-master/tar/bsdtar.c:805:3
#8 0x7fd53b4abf9f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.20-r2/work/glibc-2.20/csu/libc-start.c:289
See attachment: bsdtar-invalid-read.rar
See attachment: bsdtar-invalid-read.rar.asan.txt