SIGSEGV packing corrupted Mach-O file canPack #146

Closed
fanrong1992 opened this issue Nov 15, 2017 · 4 comments

@fanrong1992

What's the problem (or question)?

SIGSEGV in upx when packing the segfault-macho input file in the attached
segfault-macho.tar.gz.
PackMachBase<N_Mach::MachClass_64<N_BELE_CTP::LEPolicy> >::canPack (this=0x9b7030) at p_mach.cpp:1857
1857 if (lc_seg == segptr->cmd) {
Accessing illegal memory in register rdx.

What should have happened?

Program received signal SIGSEGV, Segmentation fault.

Do you have an idea for a solution?

How can we reproduce the issue?

1. upx segfault-macho

Please tell us details about your environment.

  • UPX version used (upx --version):
    upx 3.95-git-7a0514d9b427+
    UCL data compression library 1.03
    zlib data compression library 1.2.8
    LZMA SDK version 4.43
  • Host Operating System and version: Ubuntu16.04 linux4.4.0
  • Host CPU architecture: x86_64
  • Target Operating System and version: Mac OS
  • Target CPU architecture: x86_64
jreiser added a commit that referenced this issue Nov 15, 2017
@jreiser
Collaborator

jreiser commented Nov 15, 2017

devel branch now complains segfault-macho: CantPackException: bad Mach_command[0]{0x19, 0x800048}

@jreiser jreiser closed this as completed Nov 15, 2017
@jreiser jreiser self-assigned this Nov 15, 2017
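
The crash at `segptr->cmd` and the devel-branch message above both concern walking Mach-O load commands whose size fields come from an untrusted file. The C code below is an added example, not UPX's code or its fix: it bounds-checks every command before advancing, and it assumes that the two values in `bad Mach_command[0]{0x19, 0x800048}` are `cmd` (0x19 is LC_SEGMENT_64) and `cmdsize`; `first_bad_load_command` and `check_sample` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LC_SEGMENT_64 0x19u /* from <mach-o/loader.h> */
#define LC_HDR_SIZE   8u    /* every load command starts with cmd, cmdsize */

/* Read a little-endian u32 (x86_64 Mach-O is little-endian). */
static uint32_t get_le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk ncmds load commands in buf[0..len), the load-command area that
 * follows the mach_header_64. Returns -1 if every command is in bounds,
 * otherwise the index of the first malformed command. */
int first_bad_load_command(const uint8_t *buf, size_t len, uint32_t ncmds)
{
    size_t off = 0;
    for (uint32_t j = 0; j < ncmds; ++j) {
        if (len - off < LC_HDR_SIZE)          /* cmd/cmdsize must fit */
            return (int)j;
        uint32_t cmdsize = get_le32(buf + off + 4);
        if (cmdsize < LC_HDR_SIZE             /* walk would not advance */
            || (cmdsize & 7u) != 0            /* 64-bit: multiple of 8 */
            || cmdsize > len - off)           /* next pointer leaves buf */
            return (int)j;
        off += cmdsize;
    }
    return -1;
}

/* Constructed sample: one empty LC_SEGMENT_64 (72 bytes) with its cmdsize
 * overwritten. Assumed: 0x800048 in the report above is a cmdsize. */
int check_sample(uint32_t cmdsize)
{
    uint8_t area[0x48] = {0};
    area[0] = LC_SEGMENT_64;
    for (int i = 0; i < 4; ++i)
        area[4 + i] = (uint8_t)(cmdsize >> (8 * i));
    return first_bad_load_command(area, sizeof area, 1);
}

int main(void)
{
    printf("cmdsize 0x48     -> %d\n", check_sample(0x48));
    printf("cmdsize 0x800048 -> %d\n", check_sample(0x800048));
}
```

A caller would reject the file when the result is not -1, before dereferencing any per-command fields.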
@carnil

carnil commented Nov 17, 2017

This issue has been assigned CVE-2017-16869

@jreiser
Collaborator

jreiser commented Nov 17, 2017

This particular issue is equivalent to a compiler throwing a SIGSEGV instead of generating a polite error message upon detecting a syntax error in random input that was not previously touched by the compiler. Assigning a CVE to this issue is incorrect; there is NO SECURITY IMPLICATION WHATSOEVER. There is NO DENIAL-OF-SERVICE opportunity that is exacerbated by UPX. UPX Team REJECTS assigning any CVE for this particular issue #146.

@jreiser jreiser changed the title SIGSEGV checking corrupted Mach-O file canPack SIGSEGV packing corrupted Mach-O file canPack Nov 17, 2017
@carnil

carnil commented Nov 17, 2017 via email

@markus-oberhumer markus-oberhumer added this to the v3.95 milestone Aug 26, 2018