Package: unshield Version: 1.0-1 Usertags: afl Unshield crashes on this (slightly corrupted) archive:
$ unshield t data1.cab Segmentation fault GDB says it's an out-of-bounds read: #0 0xf7fb565a in get_unaligned_le32 (p=0x5f40e4e8 <error: Cannot access memory at address 0x5f40e4e8>) at internal.h:138 #1 0xf7fb5732 in unshield_component_new (header=0x804dfd0, offset=1463549952) at component.c:30 #2 0xf7fb8eff in unshield_header_get_components (header=0x804dfd0) at libunshield.c:155 #3 0xf7fb942d in unshield_read_headers (unshield=0x804dfb0, version=-1) at libunshield.c:309 #4 0xf7fb95db in unshield_open_force_version (filename=0xffffda22 "data1.cab", version=-1) at libunshield.c:361 #5 0x08049db1 in main (argc=3, argv=0xffffd864) at unshield.c:574 This bug was found using American fuzzy lop: https://packages.debian.org/experimental/aflDisclaimer: I don't have spare CPU cycles, so I fuzzed only till the first crash (which took a few seconds). It's likely that extensive fuzzing would uncover more interesting crashers. I'd encourage Unshield maintainers to perform fuzzing with AFL on their own. :-)
-- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'experimental') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages unshield depends on: ii libc6 2.19-13 ii libunshield0 1.0-1 ii zlib1g 1:1.2.8.dfsg-2+b1 -- Jakub Wilk
data1.cab
Description: Binary data
data1.hdr
Description: Binary data
