schwer-q / xar

Automatically exported from code.google.com/p/xar

null deref extracting xar archive in strlen/xar_get_path #37

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Extracting the attached xar files causes a crash. It doesn't appear to be a security issue.

xar 1.4 and 1.5.1 on Leopard9A557, Macbook Pro

xar -xvf 00001537.xar

Process:         xar [316]
Path:            /usr/bin/xar
Identifier:      xar
Version:         ??? (???)
Code Type:       X86 (Native)
Parent Process:  bash [161]

Date/Time:       2007-09-20 13:19:00.566 -0700
OS Version:      Mac OS X 10.5 (9A557)
Report Version:  6

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
Crashed Thread:  0

Thread 0 Crashed:
0   libSystem.B.dylib               0x94f488b0 strlen + 16
1   libxar.1.dylib                  0x0001b6f0 xar_get_path + 57
2   xar                             0x00002f26 0x1000 + 7974
3   xar                             0x0000169a 0x1000 + 1690

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0xffffffff  ebx: 0x0001b6c2  ecx: 0x00000000  edx: 0x00000000
  edi: 0x001051c0  esi: 0x001051c0  ebp: 0xbfffee48  esp: 0xbfffee2c
   ss: 0x0000001f  efl: 0x00010286  eip: 0x94f488b0   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037
  cr2: 0x00000000

Binary Images:
    0x1000 -     0x3fff +xar ??? (???) /usr/bin/xar
   0x12000 -    0x1cfff  libxar.1.dylib ??? (???) /usr/lib/libxar.1.dylib
0x8fe00000 - 0x8fe2d883  dyld 95.1 (???) <cb0c4a65f873d94eb99efb94d7f69baf> /usr/lib/dyld
0x90fdd000 - 0x90fe4fe9  libgcc_s.1.dylib ??? (???) <8fce590327ad8ef6d56bfc797c40e435> /usr/lib/libgcc_s.1.dylib
0x916e5000 - 0x916f1fff  libbz2.1.0.dylib ??? (???) <453492858aec09b3751a8281eef111ab> /usr/lib/libbz2.1.0.dylib
0x9438a000 - 0x943e7ffb  libstdc++.6.dylib ??? (???) <d6534a13f6b56396aef884041dc53d3a> /usr/lib/libstdc++.6.dylib
0x943e8000 - 0x944c9ff7  libxml2.2.dylib ??? (???) <f42cfd9dcb8c46c80f8a516ab46e5ec6> /usr/lib/libxml2.2.dylib
0x94e06000 - 0x94f3eff7  libicucore.A.dylib ??? (???) <ca5f84815dc176a281e44321715d18c7> /usr/lib/libicucore.A.dylib
0x94f3f000 - 0x95096fe3  libSystem.B.dylib ??? (???) <5aff1930a0bf4a96eb2c52b93a489092> /usr/lib/libSystem.B.dylib
0x9535f000 - 0x95411ffb  libcrypto.0.9.7.dylib ??? (???) <6007bd3a529aaf328f0bcae022e0130f> /usr/lib/libcrypto.0.9.7.dylib
0x95fe7000 - 0x95ff5ffd  libz.1.dylib ??? (???) <507fbeee432f55d0b9da49d08f2b9942> /usr/lib/libz.1.dylib
0x96113000 - 0x96114fef  libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib
0xffff0000 - 0xffff1780  libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib

Original issue reported on code.google.com by ApplePro...@gmail.com on 20 Sep 2007 at 10:47

GoogleCodeExporter commented 9 years ago
Attached.

Original comment by ApplePro...@gmail.com on 20 Sep 2007 at 10:47


GoogleCodeExporter commented 9 years ago
This is caused by a malformed toc. Commit 179 to trunk adds additional error handling to the toc parsing that prevents xar from attempting to process malformed tocs.

Original comment by bbraun on 20 Sep 2007 at 11:24
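As an added illustration (not xar's own code, and not the contents of commit 179), the defensive pattern the fix describes: validate every path component before building the path, so a `<file>` entry with a missing `<name>` is rejected up front instead of reaching `strlen(NULL)` the way the backtrace above shows. The `toc_file` struct and `toc_get_path` function are stand-ins, not xar's real types or API.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for a parsed TOC <file> entry: a name plus a parent pointer.
 * Hypothetical structure, not xar's internal representation. */
typedef struct toc_file {
    const char *name;            /* NULL models a <file> element with no <name> */
    struct toc_file *parent;
} toc_file;

/* Build "a/b/c" from leaf to root. Returns a malloc'd string, or NULL when any
 * component is missing/empty (treated as a malformed toc) or malloc fails. */
char *toc_get_path(const toc_file *f)
{
    size_t len = 0;
    const toc_file *p;
    /* Pass 1: validate each component and compute the total length. */
    for (p = f; p != NULL; p = p->parent) {
        if (p->name == NULL || p->name[0] == '\0')
            return NULL;                 /* refuse the entry; never strlen(NULL) */
        len += strlen(p->name) + 1;      /* +1 for '/' or the final NUL */
    }
    char *out = malloc(len);
    if (out == NULL)
        return NULL;
    char *w = out + len - 1;
    *w = '\0';
    /* Pass 2: copy components back to front, separated by '/'. */
    for (p = f; p != NULL; p = p->parent) {
        size_t n = strlen(p->name);
        w -= n;
        memcpy(w, p->name, n);
        if (p->parent != NULL)
            *--w = '/';
    }
    return out;
}

/* Self-checks on constructed entries (not data from a real archive). */
int demo_wellformed(void)
{
    toc_file root = { "usr", NULL }, dir = { "bin", &root }, leaf = { "xar", &dir };
    char *path = toc_get_path(&leaf);
    int ok = (path != NULL && strcmp(path, "usr/bin/xar") == 0);
    free(path);
    return ok;
}

int demo_malformed(void)
{
    toc_file root = { "usr", NULL }, bad = { NULL, &root }, leaf = { "xar", &bad };
    return toc_get_path(&leaf) == NULL;  /* rejected instead of faulting */
}
```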