Control: clone -1 -2
Control: reassign -2 libmspack0 0.4-1
Control: retitle -2 libmspack: hangs on a crafted CAB file

On 2014-12-12 00:47:21, Jakub Wilk wrote:
> Package: cabextract
> Version: 1.4-4+b1
> Severity: minor
> Usertags: afl
>
> The attached file makes cabextract hang forever (or at least for two
> minutes, after which I lost my patience :-P).
>
> This bug was found using American fuzzy lop:
> http://lcamtuf.coredump.cx/afl/

This issue also affects libmspack. I noticed this while clamav was scanning Jakub's mail for malware and it was stuck in an infinite loop. The issue is easy to reproduce with the crafted file and the following example code:

#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <unistd.h>
#include <mspack.h>

int main()
{
  struct mscab_decompressor *cabd;
  struct mscabd_cabinet *cab;
  struct mscabd_file *file;
  int test;

  /* check that libmspack was built with compatible type sizes */
  MSPACK_SYS_SELFTEST(test);
  if (test != MSPACK_ERR_OK) exit(0);

  if ((cabd = mspack_create_cab_decompressor(NULL))) {
    if ((cab = cabd->open(cabd, "hang.cab"))) {
      for (file = cab->files; file; file = file->next) {
        printf("%s\n", file->filename);
        /* extract call added to the README example */
        cabd->extract(cabd, file, file->filename);
      }
      cabd->close(cabd, cab);
    }
    mspack_destroy_cab_decompressor(cabd);
  }
  return 0;
}

(From https://github.com/cooljeanius/libmspack/blob/master/README with a call to extract added.)

Cheers
-- 
Sebastian Ramacher