Integer-overflow in function getElfSections at p_vmlinx.cpp:119 #286
Comments
Correctly diagnosed by tip of

A better fix on

Is a release forthcoming to address this and #287, or should packagers ship patches?

Only Markus can make an official release of UPX, and Markus is busy. History suggests that it would take at least several weeks. Only Markus has the source for the NRV compression algorithm that is used in official releases. The UCL algorithm used in

Will do, thank you.

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days.

This issue was closed because it has been stalled for 30 days with no activity. Please feel free to reopen.
What's the problem (or question)?

What should have happened?
list compressed file

Do you have an idea for a solution?
check for integer overflow correctly

How can we reproduce the issue?
upx.out -l @@ /dev/null
the poc is attached: poc
source
debug

bug report
=================================================================
==6768==WARNING: AddressSanitizer failed to allocate 0x800000000000001 bytes
==6768==AddressSanitizer's allocator is terminating the process instead of returning 0
==6768==If you don't like this behavior set allocator_may_return_null=1
==6768==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7f935b1a2631 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f935b1a75e3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa55e3)
    #2 0x7f935b11f425 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7f935b1a5865 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7f935b124b4d (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7f935b19b67e in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9967e)
    #6 0x6f73e2 in PackVmlinuxBase<N_Elf::ElfClass_64<N_BELE_CTP::LEPolicy> >::getElfSections() /home/jl/work/projects/upx/upx/src/p_vmlinx.cpp:119
    #7 0x70949a in PackVmlinuxBase<N_Elf::ElfClass_64<N_BELE_CTP::LEPolicy> >::canUnpack() /home/jl/work/projects/upx/upx/src/p_vmlinx.cpp:569
    #8 0x7a7e1d in try_unpack /home/jl/work/projects/upx/upx/src/packmast.cpp:114
    #9 0x7abe70 in PackMaster::visitAllPackers(Packer* (*)(Packer*, void*), InputFile*, options_t const*, void*) /home/jl/work/projects/upx/upx/src/packmast.cpp:177
    #10 0x7b5282 in PackMaster::getUnpacker(InputFile*) /home/jl/work/projects/upx/upx/src/packmast.cpp:248
    #11 0x7b694b in PackMaster::list() /home/jl/work/projects/upx/upx/src/packmast.cpp:279
    #12 0x8604db in do_one_file(char const*, char*) /home/jl/work/projects/upx/upx/src/work.cpp:164
    #13 0x8615fa in do_files(int, int, char**) /home/jl/work/projects/upx/upx/src/work.cpp:271
    #14 0x468b28 in main /home/jl/work/projects/upx/upx/src/main.cpp:1539
    #15 0x7f935989982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #16 0x4030f8 in _start (/home/jl/work/up_projects/fuzz-upx/crashes/upx.out.debug+0x4030f8)

Please tell us details about your environment.
upx --3.95):
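The reporter's proposed fix is to "check for integer overflow correctly" before the `operator new[]` call that ASan aborts on in `getElfSections()`. The C program below is an added example and is not UPX's code; it does not reproduce the arithmetic at p_vmlinx.cpp:119, which this page does not show. It illustrates the general pattern: a size derived from ELF64 header fields (`e_shoff`, `e_shentsize`, `e_shnum`) validated with plain wrapping arithmetic beside a version that range-checks every intermediate value before anything is allocated. Assumptions: a little-endian ELF64 header, the 64-byte `Elf64_Shdr` as the minimum entry size, constructed in-memory headers rather than real files, and function names (`section_table_fits_naive`, `section_table_fits_checked`, `build_elf64_header`, the `demo_*` helpers) that are the example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets in a little-endian ELF64 file header (Elf64_Ehdr). */
#define ELF64_EHDR_SIZE   0x40
#define ELF64_E_SHOFF     0x28  /* uint64: file offset of the section header table */
#define ELF64_E_SHENTSIZE 0x3A  /* uint16: size of one section header entry */
#define ELF64_E_SHNUM     0x3C  /* uint16: number of section header entries */
#define ELF64_SHDR_SIZE   64    /* sizeof(Elf64_Shdr) */

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | ((uint16_t)p[1] << 8)); }
static uint64_t rd64le(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static void wr16le(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr64le(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* The bounds check as it is often written: end of table in plain 64-bit
 * arithmetic, compared with the file length. If e_shoff is close to
 * UINT64_MAX the addition wraps, the table "fits", and the caller goes on
 * to seek and allocate with attacker-controlled numbers. */
bool section_table_fits_naive(const uint8_t *buf, size_t len) {
    if (len < ELF64_EHDR_SIZE) return false;
    uint64_t shoff     = rd64le(buf + ELF64_E_SHOFF);
    uint64_t shentsize = rd16le(buf + ELF64_E_SHENTSIZE);
    uint64_t shnum     = rd16le(buf + ELF64_E_SHNUM);
    uint64_t end = shoff + shnum * shentsize;   /* can wrap around zero */
    return end <= len;
}

/* Overflow-aware version: each intermediate value is range-checked before
 * use, so *table_size always describes bytes that exist in the file and
 * can safely be passed to an allocator. */
bool section_table_fits_checked(const uint8_t *buf, size_t len, uint64_t *table_size) {
    if (len < ELF64_EHDR_SIZE) return false;
    uint64_t shoff     = rd64le(buf + ELF64_E_SHOFF);
    uint64_t shentsize = rd16le(buf + ELF64_E_SHENTSIZE);
    uint64_t shnum     = rd16le(buf + ELF64_E_SHNUM);

    if (shnum == 0) { *table_size = 0; return true; }   /* no section table */
    if (shentsize < ELF64_SHDR_SIZE) return false;       /* entry too small to be an Elf64_Shdr */
    if (shnum > UINT64_MAX / shentsize) return false;    /* multiplication would overflow */
    uint64_t size = shnum * shentsize;
    if (shoff > len) return false;                       /* table starts past end of file */
    if (size > (uint64_t)len - shoff) return false;      /* shoff + size > len, without the wrap */
    *table_size = size;
    return true;
}

/* Constructed input (not a real file): zeroed buffer with ELF64 magic and
 * the three section-table fields set as requested. */
void build_elf64_header(uint8_t *buf, size_t len, uint64_t shoff,
                        uint16_t shentsize, uint16_t shnum) {
    memset(buf, 0, len);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 2;   /* ELFCLASS64 */
    buf[5] = 1;   /* ELFDATA2LSB */
    wr64le(buf + ELF64_E_SHOFF, shoff);
    wr16le(buf + ELF64_E_SHENTSIZE, shentsize);
    wr16le(buf + ELF64_E_SHNUM, shnum);
}

#define SAMPLE_LEN 4096

/* Header whose e_shoff makes the naive sum wrap: naive check accepts it,
 * checked path rejects it. */
bool demo_wrapped_header(bool use_checked) {
    uint8_t buf[SAMPLE_LEN];
    uint64_t size = 0;
    build_elf64_header(buf, sizeof buf, UINT64_MAX - 63, ELF64_SHDR_SIZE, 2);
    return use_checked ? section_table_fits_checked(buf, sizeof buf, &size)
                       : section_table_fits_naive(buf, sizeof buf);
}

/* Well-formed header: checked path accepts it and reports the table size. */
uint64_t demo_valid_header_size(void) {
    uint8_t buf[SAMPLE_LEN];
    uint64_t size = 0;
    build_elf64_header(buf, sizeof buf, ELF64_EHDR_SIZE, ELF64_SHDR_SIZE, 4);
    return section_table_fits_checked(buf, sizeof buf, &size) ? size : 0;
}

int main(void) {
    printf("wrapped header, naive check:  %s\n", demo_wrapped_header(false) ? "accepted" : "rejected");
    printf("wrapped header, checked path: %s\n", demo_wrapped_header(true) ? "accepted" : "rejected");
    printf("valid header, table size:     %llu\n", (unsigned long long)demo_valid_header_size());
    return 0;
}
```

The checked variant never forms `shoff + size` at all; it compares `size` against the remaining room `len - shoff` after first establishing `shoff <= len`, and guards the multiplication with a division test. The same discipline applies to any size that is later passed to `new[]` or `malloc`: derive it only from values already proven to lie inside the input, so a crafted header can neither wrap the arithmetic nor request an allocation of the kind ASan refuses above.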