The attached malformed ISO file (packed as zip, because GitHub limits attachment file types) will cause a signed integer overflow when passed to "bsdtar -tf [infile]" (tested with libarchive 3.2.0). This can be seen with undefined behavior sanitizer (compile with -fsanitize=undefined in CFLAGS/LDFLAGS).
ubsan error:
libarchive/archive_read_support_format_iso9660.c:1094:32: runtime error: signed integer overflow: 8388631 * 2048 cannot be represented in type 'int'
This was found with the help of american fuzzy lop.
libarchive-signed-int-overflow.zip
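
An added example, not part of the original report and not libarchive's code: a widened, range-checked form of the kind of multiply UBSan flags above, run on the reported operand. The names `BLOCK_SIZE`, `fits_in_int`, `wrapped_32bit_product` and `block_to_offset`, the 1 MiB image size, and the reading of the operands as a block number times a 2048-byte block size are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed meaning of the operands in the UBSan message: a block number
 * read from the image, multiplied by a 2048-byte block size. */
#define BLOCK_SIZE 2048

/* True when block * BLOCK_SIZE is representable in a plain int. */
static bool fits_in_int(int32_t block)
{
    return block >= 0 && block <= INT_MAX / BLOCK_SIZE;
}

/* The low 32 bits of the product. Computed in unsigned arithmetic, where
 * wraparound is defined, so the value can be shown without invoking UB. */
static uint32_t wrapped_32bit_product(int32_t block)
{
    return (uint32_t)block * (uint32_t)BLOCK_SIZE;
}

/* Hardened conversion: widen first, then range-check the full result.
 * Returns false (and leaves *out untouched) instead of overflowing. */
static bool block_to_offset(int32_t block, int64_t max_offset, int64_t *out)
{
    if (block < 0)
        return false;
    int64_t off = (int64_t)block * BLOCK_SIZE; /* at most 2^42, no overflow */
    if (off > max_offset)
        return false;
    *out = off;
    return true;
}

int main(void)
{
    int32_t block = 8388631;            /* operand from the UBSan report */
    int64_t image_size = 1 << 20;       /* constructed: a 1 MiB image */
    int64_t off = -1;

    printf("fits in int:      %d\n", fits_in_int(block));
    printf("low 32 bits:      %u\n", wrapped_32bit_product(block));
    printf("offset accepted:  %d\n", block_to_offset(block, image_size, &off));
    return 0;
}
```

If the 32-bit multiply wraps, the reported operand yields a small in-range value, so a bounds check applied to the `int` result after the multiply would not reject it; the check has to be made on the widened product.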