Unsquashfs: Fix potential NULL pointer dereference if decompressor not supported

Earlier today, I received a report that an analysis driven fuzzer has detected a potential NULL pointer dereference in Unsquashfs, when a decompressor is not supported.

The cause scenario is as usual a combination of a couple of issues:

1. If Unsquashfs has been compiled without support for a decompressor, the corresponding decompression functions will be NULL.

2. If Unsquashfs executing -stat detects the filesystem has compression options, *and* the compression options are compressed, the code will attempt to dereference the NULL pointer pointing to the decompression function.

3. The code checks whether the filesystem compression is supported by Unsquashfs, and exits with an error if not. But, this check is deliberately done after the -stat option, because the -stat option should be able to stat a filesystem even if the decompressor is not supported, as printing the filesystem data should not need support for the decompressor.

Obviously, as the compression options are never compressed, the above scenario is in practice impossible to achieve, unless the filesystem is corrupted.

This is easy to fix. In the -stat function, if the decompressor is not supported, then skip reading and displaying the compression options. As the decompressor is not supported, there is no function to display the options anyway.

Reported-By: Sebastian Neef <firstname.lastname@example.org>
Signed-off-by: Phillip Lougher <email@example.com>
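Added example, not taken from the commit or from squashfs-tools: a simplified C model of the guard the commit message describes, where the stat path skips the compression options when the decompressor was compiled out. The names `struct compressor`, `stat_comp_options`, `toyzip` and `absentz` are hypothetical, and the table and option block are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified model; not squashfs-tools' own types or names. */
struct compressor {
    const char *name;
    int supported; /* 0 = compiled out, function pointers are NULL */
    int (*uncompress)(void *dst, const void *src, int size);
    void (*display_options)(const void *buf, int size);
};
enum { OPTS_NONE, OPTS_SKIPPED, OPTS_SHOWN, OPTS_ERROR };

/* Toy stand-ins for a real decompressor and its option printer. */
static int copy_uncompress(void *dst, const void *src, int size) {
    memcpy(dst, src, (size_t)size);
    return size;
}
static void show_options(const void *buf, int size) {
    printf("option bytes: %d, first: 0x%02x\n", size, *(const unsigned char *)buf);
}

/* Constructed table: "toyzip" is built in, "absentz" was compiled out. */
static const struct compressor comps[] = {
    { "toyzip", 1, copy_uncompress, show_options },
    { "absentz", 0, NULL, NULL },
};

/* Stat path: runs before the "compressor supported?" exit check. */
static int stat_comp_options(const struct compressor *c, int has_opts,
        int opts_compressed, const unsigned char *blk, int size) {
    unsigned char buf[64];
    if (!has_opts)
        return OPTS_NONE;
    if (!c->supported) /* guard: skip reading and displaying options */
        return OPTS_SKIPPED;
    if (size <= 0 || size > (int)sizeof(buf))
        return OPTS_ERROR;
    if (opts_compressed)
        size = c->uncompress(buf, blk, size);
    else
        memcpy(buf, blk, (size_t)size);
    c->display_options(buf, size);
    return OPTS_SHOWN;
}

int main(void) {
    const unsigned char blk[4] = { 0x0f, 0, 0, 0 }; /* constructed option block */
    return stat_comp_options(&comps[1], 1, 1, blk, 4) == OPTS_SKIPPED ? 0 : 1;
}
```

Without the `supported` check, the `absentz` entry with compressed options would reach the call through the NULL `uncompress` pointer.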