Read zero page memory #132
While I normally do not like to deal with files that
pete4abw added a commit that referenced this issue Aug 17, 2023
pete4abw added a commit that referenced this issue Aug 17, 2023
pete4abw added a commit that referenced this issue Aug 25, 2023
For some reason, I tried to overengineer a problem. The POC presented was handled in the ZPAQ code.
pete4abw added a commit that referenced this issue Aug 25, 2023
lrzip-next Version
lzma 23.01(default)
lrzip-next command line
./lrzip-next -vvt file
What happened?
./lrzip-next -vvt poc
The following options are in effect for this INTEGRITY TEST.
Threading is ENABLED. Number of CPUs detected: 4
Detected 8,287,764,480 bytes ram
Nice Value: 19
Show Progress
Max Verbose
Test file integrity
Temporary Directory set as: /tmp/
Malloced 2,762,588,160 for tmp_outbuf
Detected lrzip version 0.6 file.
MD5 being used for integrity testing.
Validating file for consistency...[OK]
Detected lrzip version 0.6 file.
Decompressing...
Reading chunk_bytes at 24
Expected size: 8,324,128
Chunk byte width: 2
Reading eof flag at 25
EOF: 1
Reading expected chunksize at 26
Chunk size: 4,096
Reading stream 0 header at 29
Reading stream 1 header at 36
Reading ucomp header at 43
Fill_buffer stream 0 c_len 2 u_len 10 last_head 0
Starting thread 0 to decompress 2 bytes from stream 0
AddressSanitizer:DEADLYSIGNAL
==3820161==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7f367294d769 bp 0x000000000002 sp 0x7f35c9cee600 T1)
==3820161==The signal is caused by a READ memory access.
==3820161==Hint: address points to the zero page.
#0 0x7f367294d768 in bz3_decode_block src/libbz3.c:619
#1 0x5647df109fe8 in bzip3_decompress_buf /home/tanzheng/fuzz_zip_next/lrzip-next/src/stream.c:632
#2 0x5647df109fe8 in ucompthread /home/tanzheng/fuzz_zip_next/lrzip-next/src/stream.c:1918
#3 0x7f367280e608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
#4 0x7f36723e5132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/libbz3.c:619 in bz3_decode_block
Thread T1 created by T0 here:
#0 0x7f3672ad7815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
#1 0x5647df10edb9 in create_pthread /home/tanzheng/fuzz_zip_next/lrzip-next/src/stream.c:145
==3820161==ABORTING
What was expected behavior?
work well
Steps to reproduce
1. install bzip3
2. install lrzip-next
3. exec: ./lrzip-next -vvt poc
Relevant log output
No response
Please provide system details
OS Distro:
Kernel Version (uname -a): Linux ubuntu 5.15.0-78-generic #85~20.04.1-Ubuntu SMP Mon Jul 17 09:42:39 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
System ram (free -h):
              total        used        free      shared  buff/cache   available
Mem:          7.7Gi       4.8Gi       546Mi       4.0Mi       2.4Gi       2.6Gi
Swap:         2.0Gi       1.0Mi       2.0Gi
Additional Context
You can download the poc file from this link: https://github.com/huanglei3/lrzip-next-poc/tree/main