Package: libiso9660-8
Version: 0.83-4.2
Usertags: afl

iso-info(1) crashes on the attached (corrupted) ISO image:

$ iso-info -f crash.iso
iso-info version 0.83 i586-pc-linux-gnu
Copyright (c) 2003, 2004, 2005, 2007, 2008, 2011 R. Bernstein
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
__________________________________
ISO 9660 image: crash.iso
Preparer   : XORRISO-1.3.2 2013.08.07.110001, LIBISOBURN-1.3.2, LIBISOFS-1.3.2, 
LIBBURN-1.3.2
Volume     : ISOIMAGE
__________________________________
ISO-9660 Information
++ WARN: from_733: broken byte order
++ WARN: from_733: broken byte order
++ WARN: from_733: broken byte order
++ WARN: from_733: broken byte order
++ WARN: from_733: broken byte order
++ WARN: from_733: broken byte order
++ WARN: from_733: broken byte order
       0 /XORRISO-1.3.2 2013.08.07.110001, LIBISOBURN-1.3.2, LIBISOFS-1.3.2, 
LIBBURN-1.3.2
       0 /XORRISO-1.3.2 2013.08.07.110001, LIBISOBURN-1.3.2, LIBISOFS-1.3.2, 
LIBBURN-1.3.2
      99 /XORRISO-1.3.2 2013.08.07.110001, LIBISOBURN-1.3.2, LIBISOFS-1.3.2, 
LIBBURN-1.3.2
++ WARN: from_733: broken byte order
++ WARN: from_733: broken byte order
++ WARN: from_733: broken byte order
Segmentation fault


Backtrace:
#0  __strcmp_ia32 () at ../sysdeps/i386/i686/multiarch/../strcmp.S:34
#1  0xf7fbb865 in _fs_iso_stat_traverse (p_iso=0x804e028, _root=0x8050218, 
splitpath=0x80503b8) at iso9660_fs.c:1125
#2  0xf7fbbc6a in iso9660_ifs_stat (p_iso=0x804e028, psz_path=0x80503e8 
"/XORRISO-1.3.2 2013.08.07.110001, LIBISOBURN-1.3.2, LIBISOFS-1.3.2, 
LIBBURN-1.3.2/") at iso9660_fs.c:1269
#3  0xf7fbbf36 in iso9660_ifs_readdir (p_iso=0x804e028, psz_path=0x80503e8 
"/XORRISO-1.3.2 2013.08.07.110001, LIBISOBURN-1.3.2, LIBISOFS-1.3.2, 
LIBBURN-1.3.2/") at iso9660_fs.c:1363
#4  0x0804944e in print_iso9660_recurse (p_iso=0x804e028, psz_path=0x80503e8 
"/XORRISO-1.3.2 2013.08.07.110001, LIBISOBURN-1.3.2, LIBISOFS-1.3.2, 
LIBBURN-1.3.2/") at iso-info.c:205
#5  0x080497ae in print_iso9660_recurse (p_iso=0x804e028, psz_path=0x804b30c 
"/") at iso-info.c:281
#6  0x080497f3 in print_iso9660_fs (iso=0x804e028) at iso-info.c:290
#7  0x08049bba in main (argc=3, argv=0xffffd3d4) at iso-info.c:374


This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl

Disclaimer: I don't have spare CPU cycles, so I fuzzed only till the first crash (which took a few seconds). It's likely that extensive fuzzing would uncover more interesting crashers. I'd encourage libcdio maintainers to perform fuzzing with AFL on their own. :-)


-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libiso9660-8 depends on:
ii  libc6      2.19-13
ii  libcdio13  0.83-4.2

--
Jakub Wilk
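
Added example, not part of the original report and not libcdio's code: the "from_733: broken byte order" warnings above come from decoding ISO 9660 both-byte-order 32-bit fields (ECMA-119 7.3.3), and the sketch below shows a parser that rejects a directory record whose fields are inconsistent rather than warning and continuing. The report does not identify the root cause of the crash. The function names, the 2048-byte block size and the sample record are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 7.3.3 field: 32-bit value stored little-endian, then again big-endian.
 * Returns 0 and sets *out, or -1 if the two copies disagree. */
static int decode_733(const uint8_t *p, uint32_t *out)
{
    uint32_t le = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                  (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    uint32_t be = (uint32_t)p[7] | (uint32_t)p[6] << 8 |
                  (uint32_t)p[5] << 16 | (uint32_t)p[4] << 24;
    if (le != be)
        return -1;
    *out = le;
    return 0;
}

/* Validate one directory record in buf[0..avail). Assumes 2048-byte blocks. */
static int check_dir_record(const uint8_t *buf, size_t avail, uint32_t image_blocks)
{
    uint32_t extent, size;
    if (avail < 34)                 /* 33 fixed bytes plus at least 1 name byte */
        return -1;
    size_t len = buf[0], name_len = buf[32];
    if (len < 34 || len > avail || name_len == 0 || 33 + name_len > len)
        return -1;                  /* record or name would run past its bounds */
    if (decode_733(buf + 2, &extent) || decode_733(buf + 10, &size))
        return -1;                  /* extent location or data length corrupted */
    uint64_t blocks = ((uint64_t)size + 2047) / 2048;
    return (uint64_t)extent + blocks > image_blocks ? -1 : 0;
}

/* Constructed sample: "A.TXT;1", 99 bytes at block 20, record length 40. */
static size_t sample_record(uint8_t rec[64])
{
    memset(rec, 0, 64);
    rec[0] = 40; rec[32] = 7;       /* record length, name length */
    rec[2] = rec[9] = 20;           /* extent: low byte of LE and BE copies */
    rec[10] = rec[17] = 99;         /* data length: low byte of both copies */
    memcpy(rec + 33, "A.TXT;1", 7);
    return 40;
}

int main(void)
{
    uint8_t r[64];
    size_t n = sample_record(r);
    printf("intact:  %d\n", check_dir_record(r, n, 100));
    r[9] ^= 0xff;                   /* damage the big-endian copy of the extent */
    printf("corrupt: %d\n", check_dir_record(r, n, 100));
}
```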

