
signed integer overflow in iso parser #717

Closed
@hannob

The attached malformed iso file (packed as zip, because GitHub limits attachment file types) will cause a signed integer overflow when passed to "bsdtar -tf [infile]" (tested with libarchive 3.2.0). This can be seen with undefined behavior sanitizer (compile with -fsanitize=undefined in CFLAGS/LDFLAGS).

ubsan error:
libarchive/archive_read_support_format_iso9660.c:1094:32: runtime error: signed integer overflow: 8388631 * 2048 cannot be represented in type 'int'

This was found with the help of american fuzzy lop.
libarchive-signed-int-overflow.zip
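
The arithmetic in the ubsan report, as an added C example that is not part of the original issue and is not libarchive's code: it tests whether a block number times 2048 fits in `int` without performing the overflowing multiply, then computes the offset in 64 bits and bounds it against the image size. The function names, the `image_size` parameter and the 1 MiB sample size are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK_SIZE 2048 /* multiplier shown in the ubsan report */

/* 1 if block * BLOCK_SIZE cannot be represented in int, i.e. the
 * condition ubsan flagged; checked by division, so nothing overflows. */
static int int_mul_would_overflow(int block)
{
    if (block < 0)
        return block < INT_MIN / BLOCK_SIZE;
    return block > INT_MAX / BLOCK_SIZE;
}

/* Hypothetical hardened helper: widen to 64 bits before multiplying and
 * require one whole block at that offset to lie inside the image.
 * Returns 0 and stores the byte offset, or -1 for an invalid block. */
static int block_to_offset(int32_t block, int64_t image_size, int64_t *offset)
{
    int64_t off;

    if (block < 0 || image_size < BLOCK_SIZE)
        return -1;
    off = (int64_t)block * BLOCK_SIZE; /* below 2^31 * 2^11 = 2^42 */
    if (off > image_size - BLOCK_SIZE)
        return -1;
    *offset = off;
    return 0;
}

int main(void)
{
    const int32_t block = 8388631;            /* value from the report */
    const int64_t image_size = 1024 * 1024;   /* constructed: 1 MiB image */
    int64_t off = 0;

    printf("int multiply overflows: %d\n", int_mul_would_overflow(block));
    if (block_to_offset(block, image_size, &off) != 0)
        printf("block %d rejected: outside a %lld-byte image\n",
               (int)block, (long long)image_size);
    return 0;
}
```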
