Gottox / sqsh-tools

🗜️ fast r/o squashfs implementation written in C.
https://gottox.de/sqsh-tools/
BSD 2-Clause "Simplified" License

Direct leak somewhere in metablock/extract handling #141

Closed Gottox closed 12 months ago

Gottox commented 12 months ago

Describe the bug

When libsqsh is compiled in debug mode it performs a dangling pointer check during cleanup. This error is triggered by certain sqfs files.

To Reproduce

  1. Get a squashfs archive that triggers the issue. For example this one:
    
    wget https://www.mirrorservice.org/sites/distfiles.gentoo.org/snapshots/squashfs/gentoo-20230916.xz.sqfs -O /tmp/trigger.sqfs
  2. run build/tools/sqsh-ls -r /tmp/trigger.sqfs
  3. sqsh-ls: ../subprojects/cextras-c3d6f8c344099fd87d186a634b382d70b7e797ab/lib/collection/rc_map.c:222: cx_rc_map_cleanup: Assertion `acc == 0' failed.
    [1]    28509 IOT instruction  build/tools/sqsh-ls -r /tmp/gentoo-current.xz.sqfs

Expected behavior

The IOT instruction should not trigger.

Platform (please complete the following information):

Gottox commented 12 months ago

This script generates an archive that triggers the issue:

    for i in $(seq 1 3641); do
      echo "dir$i d 777 0 0";
      echo "dir$i/file c 776 0 0 100 1";
    done > /tmp/pseudo;

    mksquashfs /var/empty /tmp/file.squashfs -pf /tmp/pseudo -noappend

Gottox commented 12 months ago

fixed in #142
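
A simplified model of the kind of debug-mode cleanup check behind the `acc == 0` assertion in the report, added here as an illustration; it is not code from libsqsh or cextras, and `rc_cache`, `walk_leaky` and `walk_fixed` are hypothetical names. It assumes the check sums the outstanding reference counts at cleanup, so a caller whose error path returns without releasing leaves a nonzero total.

```c
#include <stddef.h>

#define SLOTS 8 /* constructed size for this example */
/* Hypothetical model of a reference-counted cache, not the cextras code. */
struct rc_cache {
	int data[SLOTS];
	int ref_count[SLOTS];
};

/* Hand out slot i and record that the caller now holds a reference. */
const int *rc_cache_retain(struct rc_cache *c, size_t i) {
	if (i >= SLOTS) return NULL;
	c->ref_count[i]++;
	return &c->data[i];
}

/* Drop one reference; returns -1 on an out-of-range or unbalanced release. */
int rc_cache_release(struct rc_cache *c, size_t i) {
	if (i >= SLOTS || c->ref_count[i] == 0) return -1;
	c->ref_count[i]--;
	return 0;
}

/* References still held; a debug-mode cleanup would assert this is 0. */
int rc_cache_outstanding(const struct rc_cache *c) {
	int acc = 0;
	for (size_t i = 0; i < SLOTS; i++) acc += c->ref_count[i];
	return acc;
}

/* Caller whose early-exit path forgets to release (the bug class). */
int walk_leaky(struct rc_cache *c, size_t i, int fail_early) {
	if (rc_cache_retain(c, i) == NULL) return -1;
	if (fail_early) return -1; /* reference to slot i is never dropped */
	return rc_cache_release(c, i);
}

/* Same caller, releasing before any return. */
int walk_fixed(struct rc_cache *c, size_t i, int fail_early) {
	if (rc_cache_retain(c, i) == NULL) return -1;
	rc_cache_release(c, i);
	return fail_early ? -1 : 0;
}

int main(void) {
	struct rc_cache c = {0};
	walk_fixed(&c, 3, 1);
	return rc_cache_outstanding(&c) != 0; /* nonzero exit means a leak */
}
```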