pombreda / libarchive

Automatically exported from code.google.com/p/libarchive

malformed cab segfaults bsdtar #397

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. bsdtar -xf segf.cab
2. segfault

What version are you using?
git head (e6c9668f3202215ddb71617b41c19b6f05acf008)

On what operating system?
Linux

How did you build?  (cmake, configure, or pre-packaged binary)
cmake

What compiler or development environment (please include version)?
gcc 4.9.2

Please provide any additional information below.
Found with american fuzzy lop

==20101== Invalid read of size 1
==20101==    at 0x411867: strip_absolute_path (in /mnt/ram/libarchive/plain/bin/bsdtar)
==20101==    by 0x41252A: edit_pathname (in /mnt/ram/libarchive/plain/bin/bsdtar)
==20101==    by 0x410A46: tar_mode_x (in /mnt/ram/libarchive/plain/bin/bsdtar)
==20101==    by 0x40EB13: main (in /mnt/ram/libarchive/plain/bin/bsdtar)
==20101==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

Looks like a null ptr. Will attach asan and valgrind output.

Original issue reported on code.google.com by hanno@hboeck.de on 3 Feb 2015 at 3:55

GoogleCodeExporter commented 9 years ago
I've committed a change to bsdtar so it will skip entries for which the format handler is unable to parse a filename.

This makes bsdtar itself resistant to this issue, but it would be better to fix the underlying parsing issue in the RAR reader.

Original comment by kientzle@gmail.com on 7 Feb 2015 at 7:29
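
The guard described in the comment above, as an added example that is not part of the original thread and is not bsdtar's own code: a simplified C model of an extraction loop that skips entries whose pathname is NULL instead of handing it to the path-editing step. The names `struct entry`, `safe_relative_name` and `extract_all`, and the sample entries, are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an archive entry. name == NULL models an entry
 * whose filename the format reader could not parse (constructed sample). */
struct entry { const char *name; };

static const struct entry SAMPLE[] = {
    { "docs/readme.txt" }, { NULL }, { "/etc/motd" }, { "/" },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Simplified path cleanup: drop leading "/" and "./" so the result is
 * relative. Returns NULL when there is no usable name, including NULL input,
 * so the caller never dereferences a missing pathname. */
static const char *safe_relative_name(const char *p)
{
    if (p == NULL)
        return NULL;
    for (;;) {
        if (p[0] == '/')
            p++;
        else if (p[0] == '.' && p[1] == '/')
            p += 2;
        else
            break;
    }
    return (*p == '\0') ? NULL : p;
}

/* Extraction loop model: report and skip unusable entries, keep going with
 * the rest of the archive. Returns the number of entries "extracted". */
static size_t extract_all(const struct entry *e, size_t n)
{
    size_t extracted = 0;
    for (size_t i = 0; i < n; i++) {
        const char *name = safe_relative_name(e[i].name);
        if (name == NULL) {
            fprintf(stderr, "entry %zu: no usable pathname, skipping\n", i);
            continue;
        }
        printf("x %s\n", name);
        extracted++;
    }
    return extracted;
}

int main(void) { return extract_all(SAMPLE, SAMPLE_LEN) == 2 ? 0 : 1; }
```

The caller-side check keeps one unparseable entry from aborting the whole extraction; it does not replace fixing the reader that produced the NULL name.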