Summary: heap-buffer-overflow
OS: CentOS 7 64bit
Version: commit 17485a2
PoC Download: Ov_buffer_new.zip
Steps to reproduce:
1. Download the PoC file.
2. Compile the source code with ASan.
3. Execute the following command:
./ziptool $PoC cat index
=================================================================
==31998==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000138 at pc 0x7f43e49cb855 bp 0x7ffc49d62410 sp 0x7ffc49d62408
WRITE of size 8 at 0x602000000138 thread T0
#0 0x7f43e49cb854 in buffer_new /home/karas/libzip/lib/zip_source_buffer.c:465:46
#1 0x7f43e49ca2d6 in zip_source_buffer_fragment_create /home/karas/libzip/lib/zip_source_buffer.c:133:19
#2 0x7f43e49c9f35 in zip_source_buffer_create /home/karas/libzip/lib/zip_source_buffer.c:106:12
#3 0x7f43e49c9f35 in zip_source_buffer /home/karas/libzip/lib/zip_source_buffer.c:89
#4 0x7f43e49deddf in _zip_source_zip_new /home/karas/libzip/lib/zip_source_zip_new.c:101:9
#5 0x7f43e49ba7a2 in zip_fopen_index_encrypted /home/karas/libzip/lib/zip_fopen_index_encrypted.c:50:14
#6 0x515f3d in cat /home/karas/libzip/src/ziptool.c:181:13
#7 0x51a5bf in dispatch /home/karas/libzip/src/ziptool.c:728:10
#8 0x51a5bf in main /home/karas/libzip/src/ziptool.c:889
#9 0x7f43e3679c04 in __libc_start_main (/lib64/libc.so.6+0x21c04)
#10 0x41c10b in _start (/home/karas/libzip/build/src/ziptool+0x41c10b)
0x602000000139 is located 0 bytes to the right of 9-byte region [0x602000000130,0x602000000139)
allocated by thread T0 here:
#0 0x4dfe6d in realloc /home/karas/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79
#1 0x7f43e49cad94 in buffer_grow_fragments /home/karas/libzip/lib/zip_source_buffer.c:397:23
#2 0x7f43e49cad94 in buffer_new /home/karas/libzip/lib/zip_source_buffer.c:441
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/karas/libzip/lib/zip_source_buffer.c:465:46 in buffer_new
Shadow bytes around the buggy address:
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff8000: fa fa 00 07 fa fa fd fd fa fa 00 01 fa fa fd fd
0x0c047fff8010: fa fa 05 fa fa fa fd fa fa fa 00 03 fa fa 00 00
=>0x0c047fff8020: fa fa 00 00 fa fa 00[01]fa fa fa fa fa fa fa fa
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==31998==ABORTING
[Acknowledgement]
This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]
Hello.
I found a heap-buffer-overflow bug in libzip.
Please confirm.
Thanks.
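The reproduction steps above, carried through as an added example (this is not the reporter's script nor anything from the libzip project): build libzip with AddressSanitizer, run ziptool on the PoC the way the report does, and reduce the resulting ASan log to a one-line crash signature so reports of this kind can be deduplicated before triage. It assumes libzip builds with CMake from a source directory given as the first argument and that ziptool ends up at build/src/ziptool, which matches the path in the trace; the PoC archive is the second argument.

```shell
#!/bin/sh
# Added example, not from the report or from libzip: reproduce a ziptool
# crash under AddressSanitizer and turn the report into a triage signature.
# Assumptions (not stated on the page): libzip builds with CMake from $src,
# and ziptool lands at $build/src/ziptool, matching the path in the trace.
set -u

# Configure and build libzip with ASan and debug info so frames are symbolized.
build_with_asan() {
    src=$1; build=$2
    mkdir -p "$build"
    (cd "$build" && cmake "$src" -DCMAKE_BUILD_TYPE=Debug \
        -DCMAKE_C_FLAGS="-fsanitize=address -fno-omit-frame-pointer -g" \
        -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address" \
        -DCMAKE_SHARED_LINKER_FLAGS="-fsanitize=address" >/dev/null \
        && make >/dev/null)
}

# Run the PoC exactly as in the report and keep ASan's stderr in $log.
# Returns 0 only if ASan reported a heap-buffer-overflow.
run_poc() {
    build=$1; poc=$2; log=$3
    ASAN_OPTIONS=symbolize=1:detect_leaks=0 \
        "$build/src/ziptool" "$poc" cat index >/dev/null 2>"$log" || true
    grep -q 'AddressSanitizer: heap-buffer-overflow' "$log"
}

# Reduce an ASan log (stdin) to one line for deduplicating crashes:
# "<bug kind> <READ|WRITE> <size> <crashing function> <file:line>".
# Only the first #0 frame (the faulting access) is used, not the #0 of
# the "allocated by" stack that follows it.
asan_signature() {
    awk '
        /^==[0-9]+==ERROR: AddressSanitizer:/ { kind = $3 }
        /^(READ|WRITE) of size/ && access == "" { access = $1 " " $4 }
        /^ *#0 / && frame == "" { frame = $4; loc = $5 }
        END {
            sub(/.*\//, "", loc)        # drop the directory part
            sub(/:[0-9]+$/, "", loc)    # drop the column number
            print kind, access, frame, loc
        }
    '
}

# Bytes the access reaches past the allocation: (address + size) - region end,
# taken from the numbers ASan prints. A size-8 write at 0x...138 into a region
# ending at 0x...139 overruns it by 7 bytes.
bytes_past_end() {
    addr=$1; size=$2; region_end=$3
    echo $(( addr + size - region_end ))
}

# Usage: sh repro.sh /path/to/libzip /path/to/Ov_buffer_new.zip
if [ "${1:-}" != "" ] && [ "${2:-}" != "" ]; then
    build_with_asan "$1" "$1/build"
    if run_poc "$1/build" "$2" asan.log; then
        echo "reproduced: $(asan_signature < asan.log)"
    else
        echo "no heap-buffer-overflow reported; see asan.log" >&2
        exit 1
    fi
fi
```

Applied to the report above, the signature is the bug kind, the access, the crashing function and its file and line, which is what you key on when a fuzzer produces many PoCs for the same frame; the column number and the directory prefix are dropped because they vary between checkouts and compilers without changing the bug.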