SIGSEGV packing corrupted Mach-O file canPack #146

Closed
fanrong1992 opened this issue Nov 15, 2017 · 4 comments

@fanrong1992

commented Nov 15, 2017

What's the problem (or question)?

SIGSEGV in upx when packing the segfault-macho input file in the attached
segfault-macho.tar.gz.
PackMachBase<N_Mach::MachClass_64<N_BELE_CTP::LEPolicy> >::canPack (this=0x9b7030) at p_mach.cpp:1857
1857 if (lc_seg == segptr->cmd) {
Accessing illegal memory in register rdx.

What should have happened?

Program received signal SIGSEGV, Segmentation fault.

Do you have an idea for a solution?

How can we reproduce the issue?

1. upx segfault-macho

Please tell us details about your environment.

  • UPX version used (upx --version):
    upx 3.95-git-7a0514d9b427+
    UCL data compression library 1.03
    zlib data compression library 1.2.8
    LZMA SDK version 4.43
  • Host Operating System and version: Ubuntu16.04 linux4.4.0
  • Host CPU architecture: x86_64
  • Target Operating System and version: Mac OS
  • Target CPU architecture: x86_64

jreiser added a commit that referenced this issue Nov 15, 2017

@jreiser

Contributor

commented Nov 15, 2017

devel branch now complains segfault-macho: CantPackException: bad Mach_command[0]{0x19, 0x800048}

@jreiser jreiser closed this Nov 15, 2017

@jreiser jreiser self-assigned this Nov 15, 2017
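
The crash site and the new error message both concern walking Mach-O load commands, so here is an added example (not UPX's code and not the referenced commit) of a bounds-checked walk that rejects a command like the `{0x19, 0x800048}` reported above. The names `check_load_commands`, `sample_verdict`, `mh64` and `lcmd` are hypothetical, and the sample image is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical minimal layouts mirroring mach_header_64 / load_command; little-endian host assumed. */
struct mh64 { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct lcmd { uint32_t cmd, cmdsize; };
#define MH_MAGIC_64   0xfeedfacfu
#define LC_SEGMENT_64 0x19u

/* Walk the load commands without reading outside buf[0..len).
 * Returns 0 if all are well formed, -1 for a bad header, -2 for a bad
 * command (its index in *idx, whatever was read of it in *bad). */
int check_load_commands(const uint8_t *buf, size_t len, uint32_t *idx, struct lcmd *bad)
{
    struct mh64 h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    if (h.magic != MH_MAGIC_64 || h.sizeofcmds > len - sizeof h) return -1;
    size_t off = sizeof h, end = sizeof h + h.sizeofcmds;
    for (uint32_t i = 0; i < h.ncmds; i++) {
        *idx = i;
        memset(bad, 0, sizeof *bad);
        if (end - off < sizeof *bad) return -2;   /* no room for a header */
        memcpy(bad, buf + off, sizeof *bad);
        /* cmdsize must cover its own header, be a multiple of 8 (64-bit
         * Mach-O), and stay inside the sizeofcmds region. */
        if (bad->cmdsize < sizeof *bad || (bad->cmdsize & 7) || bad->cmdsize > end - off)
            return -2;
        off += bad->cmdsize;
    }
    return 0;
}

/* Constructed sample: one LC_SEGMENT_64 in a 72-byte command area. */
int sample_verdict(uint32_t cmdsize)
{
    uint8_t img[sizeof(struct mh64) + 72] = {0};
    struct mh64 h = { MH_MAGIC_64, 0, 0, 0, 1, 72, 0, 0 };
    struct lcmd lc = { LC_SEGMENT_64, cmdsize }, bad = { 0, 0 };
    uint32_t idx = 0;
    memcpy(img, &h, sizeof h);
    memcpy(img + sizeof h, &lc, sizeof lc);
    int rc = check_load_commands(img, sizeof img, &idx, &bad);
    if (rc == -2) printf("bad command[%u]{0x%x, 0x%x}\n", (unsigned)idx, (unsigned)bad.cmd, (unsigned)bad.cmdsize);
    return rc;
}
int main(void) { return sample_verdict(0x800048) == -2 ? 0 : 1; }
```
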

@carnil


commented Nov 17, 2017

This issue has been assigned CVE-2017-16869

@jreiser

Contributor

commented Nov 17, 2017

This particular issue is equivalent to a compiler throwing a SIGSEGV instead of generating a polite error message upon detecting a syntax error in random input that was not previously touched by the compiler. Assigning a CVE to this issue is incorrect; there is NO SECURITY IMPLICATION WHATSOEVER. There is NO DENIAL-OF-SERVICE opportunity that is exacerbated by UPX. UPX Team REJECTS assigning any CVE for this particular issue #146.

@jreiser jreiser changed the title from "SIGSEGV checking corrupted Mach-O file canPack" to "SIGSEGV packing corrupted Mach-O file canPack" Nov 17, 2017

@carnil


commented Nov 17, 2017

@markus-oberhumer markus-oberhumer added this to the v3.95 milestone Aug 26, 2018
