Package: gcab
Version: 0.4-2
Usertags: afl

gcab crashes on the attached file:
$ gcab -t crash.cab
Segmentation fault

GDB says it's a null pointer dereference:

Program received signal SIGSEGV, Segmentation fault.
0xf7c760ad in gcab_cabinet_load (self=0x8056420, stream=0x80604d8, cancellable=0x8054c10, error=0xffffd5ac) at libgcab/gcab-cabinet.c:388
388         GCabFolder *folder = g_ptr_array_index (folders, cfile.index);
(gdb) print *folders
$1 = {pdata = 0x0, len = 0}

This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl

Disclaimer: I don't have spare CPU cycles, so I fuzzed only till the first crash (which took a few seconds). It's likely that extensive fuzzing would uncover more interesting crashers. I'd encourage gcab maintainers to perform fuzzing with AFL on their own. :-)
-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages gcab depends on:
ii  libc6          2.19-13
ii  libgcab-1.0-0  0.4-2
ii  libglib2.0-0   2.42.1-1

-- 
Jakub Wilk
Attachment: crash.cab (application/cab)
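Added example, not gcab's code and not the fix that was applied to it: the GDB output above shows g_ptr_array_index() indexing a folder array whose pdata is NULL and len is 0, i.e. a CFFILE record whose iFolder field points at a CFFOLDER that the cabinet header never declared. The block below contrasts that unchecked lookup with a bounds-checked one, and also rejects the CFFILE.iFolder continuation markers (0xFFFD..0xFFFF, from the Microsoft cabinet format specification), which are not array indices. The FolderArray type mirrors only GPtrArray's two public fields (pdata, len) so the file builds without GLib; CabFolder, the helper names and the sample CFFILE bytes are constructed for illustration.

```c
/* Added example (not gcab's code): bounds-checked CFFILE.iFolder -> folder
 * lookup. FolderArray mirrors GPtrArray's public fields (pdata, len) only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for a parsed CFFOLDER record; only the fields needed here. */
typedef struct {
    uint32_t coffCabStart;   /* offset of the first CFDATA block */
    uint16_t cCFData;        /* number of CFDATA blocks in the folder */
    uint16_t typeCompress;   /* compression type */
} CabFolder;

/* Like GPtrArray: an array with len == 0 may also have pdata == NULL. */
typedef struct {
    CabFolder **pdata;
    unsigned    len;
} FolderArray;

/* CFFILE.iFolder values that mark continuation across cabinets, not indices. */
enum {
    IFOLD_CONTINUED_FROM_PREV     = 0xFFFD,
    IFOLD_CONTINUED_TO_NEXT       = 0xFFFE,
    IFOLD_CONTINUED_PREV_AND_NEXT = 0xFFFF
};

/* Fixed part of a CFFILE record: cbFile(4) uoffFolderStart(4) iFolder(2)
 * date(2) time(2) attribs(2); the NUL-terminated szName follows. */
#define CFFILE_FIXED_LEN 16

static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Read iFolder from a CFFILE record; -1 if the record is truncated. */
int cffile_ifolder(const uint8_t *rec, size_t len)
{
    if (rec == NULL || len < CFFILE_FIXED_LEN)
        return -1;
    return rd_le16(rec + 8);
}

/* The pattern from the crash: g_ptr_array_index() expands to pdata[index],
 * so with pdata == NULL this dereferences a null pointer. Never call this
 * on untrusted input; it is here only as the "before" form. */
CabFolder *folder_lookup_unchecked(const FolderArray *folders, unsigned index)
{
    return folders->pdata[index];
}

/* Hardened form: continuation markers and out-of-range indices yield NULL,
 * which also covers the len == 0 / pdata == NULL case from the report. */
CabFolder *folder_lookup_checked(const FolderArray *folders, unsigned index)
{
    if (index >= IFOLD_CONTINUED_FROM_PREV)
        return NULL;
    if (folders == NULL || index >= folders->len)
        return NULL;
    return folders->pdata[index];
}

/* Constructed CFFILE record (not bytes from crash.cab): cbFile=5,
 * uoffFolderStart=0, iFolder=0, date/time/attribs=0, szName "a.txt". */
static const uint8_t sample_cffile[] = {
    0x05,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,
    0x00,0x00, 0x00,0x00, 0x00,0x00, 'a','.','t','x','t',0x00
};

int sample_ifolder(void) { return cffile_ifolder(sample_cffile, sizeof sample_cffile); }

/* The reported scenario: a CFFILE is present but no CFFOLDER was declared. */
int empty_cabinet_rejected(void)
{
    FolderArray no_folders = { NULL, 0 };       /* GDB: pdata = 0x0, len = 0 */
    int idx = sample_ifolder();
    return idx >= 0 && folder_lookup_checked(&no_folders, (unsigned)idx) == NULL;
}

/* Sanity check: with one folder, index 0 resolves; 1 and markers do not. */
int one_folder_lookup_ok(void)
{
    CabFolder f = { 0, 1, 0 };
    CabFolder *p[1] = { &f };
    FolderArray one = { p, 1 };
    return folder_lookup_checked(&one, 0) == &f
        && folder_lookup_checked(&one, 1) == NULL
        && folder_lookup_checked(&one, IFOLD_CONTINUED_TO_NEXT) == NULL;
}

int main(void)
{
    if (empty_cabinet_rejected())
        printf("CFFILE references folder %d, cabinet declares 0 folders: rejected\n",
               sample_ifolder());
    return one_folder_lookup_ok() ? 0 : 1;
}
```

A real loader would return a GError (or equivalent) at the point folder_lookup_checked() yields NULL rather than silently skipping the entry, since a cabinet whose CFFILE records reference undeclared folders is malformed and should stop being parsed.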