The ZZIPlib provides read access on ZIP-archives and unpacked data. It features an additional simplified API following the standard POSIX API for file access.
[Bug]: stack-buffer-overflow in unzzip(version 0.13.72, commit 6699e0fe) #144
This bug may have the same cause as issue #143.
Crash Inputs
Here are the files that trigger the bug - zip.c_347_44-in-__zzip_fetch_disk_trailer.zip
Bug Description
I applied ASan (AddressSanitizer) to check for errors and report the detected errors as follows.
How to Reproduce
The aforementioned bug can be stably reproduced in version 0.13.72 (commit id 6699e0fe).
-U_FORTIFY_SOURCE -fsanitize=address -g
/data/program/zziplib/orig-asan/bin/unzzip -p <input-file-path>