Package: zpaq
Version: 1.10-1
Usertags: afl

zpaq crashes when trying to extract this (slightly corrupted) archive:

$ zpaq x crash.zpaq
Segmentation fault

Valgrind says it's an out-of-bounds read:

==1787== Invalid read of size 4
==1787==    at 0x804EDED: Predictor::update0(int) (zpaq.cpp:2718)
==1787==    by 0x8056AFB: Predictor::update(int) (zpaq.cpp:2817)
==1787==    by 0x8050B5F: Decoder::decompress() (zpaq.cpp:3558)
==1787==    by 0x80523A0: decompress(int, char**) (zpaq.cpp:4021)
==1787==    by 0x805417E: main (zpaq.cpp:4622)
==1787==  Address 0x57c928c0 is not stack'd, malloc'd or (recently) free'd

This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages zpaq depends on:
ii  libc6       2.19-13
ii  libgcc1     1:4.9.2-10
ii  libstdc++6  4.9.2-10

-- 
Jakub Wilk

Attachment: crash.zpaq (Binary data)

