Control: found -1 0.621-1
* Jakub Wilk <jw...@debian.org>, 2014-12-27, 22:19:
> lrzip crashes when decompressing the attached (slightly corrupted) file:
>
> $ lrzcat crash.lrz > /dev/null
> Decompressing...
> Segmentation fault

It still crashes here.
According to AddressSanitizer, it's a heap-based buffer overflow:
==8829==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf5a00753 at pc 0xf72c17b1 bp 0xfffc0b48 sp 0xfffc0b2c
WRITE of size 190 at 0xf5a00753 thread T0
#0 0xf72c17b0 in read (/usr/lib/i386-linux-gnu/libasan.so.1+0x237b0)
#1 0x8071c14 in read /usr/include/i386-linux-gnu/bits/unistd.h:44
#2 0x8071c14 in read_1g /home/jwilk/lrzip-0.621/stream.c:730
#3 0x807238c in read_buf /home/jwilk/lrzip-0.621/stream.c:773
#4 0x807a901 in fill_buffer /home/jwilk/lrzip-0.621/stream.c:1632
#5 0x807a901 in read_stream /home/jwilk/lrzip-0.621/stream.c:1738
#6 0x806a9a3 in unzip_literal /home/jwilk/lrzip-0.621/runzip.c:162
#7 0x806a9a3 in runzip_chunk /home/jwilk/lrzip-0.621/runzip.c:320
#8 0x806a9a3 in runzip_fd /home/jwilk/lrzip-0.621/runzip.c:382
#9 0x805561c in decompress_file /home/jwilk/lrzip-0.621/lrzip.c:794
#10 0x804cb8c in main /home/jwilk/lrzip-0.621/main.c:515
#11 0xf6ecaa62 in __libc_start_main (/lib/i386-linux-gnu/i686/cmov/libc.so.6+0x19a62)
#12 0x804e9b9 (/srv/home/jwilk/lrzip-0.621/debian/lrzip/usr/bin/lrzip+0x804e9b9)
0xf5a00753 is located 0 bytes to the right of 3-byte region [0xf5a00750,0xf5a00753)
allocated by thread T0 here:
#0 0xf72ec6e4 in malloc (/usr/lib/i386-linux-gnu/libasan.so.1+0x4e6e4)
#1 0x807a815 in fill_buffer /home/jwilk/lrzip-0.621/stream.c:1627
#2 0x807a815 in read_stream /home/jwilk/lrzip-0.621/stream.c:1738
#3 0x806a9a3 in unzip_literal /home/jwilk/lrzip-0.621/runzip.c:162
#4 0x806a9a3 in runzip_chunk /home/jwilk/lrzip-0.621/runzip.c:320
#5 0x806a9a3 in runzip_fd /home/jwilk/lrzip-0.621/runzip.c:382
--
Jakub Wilk
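
Added example, not part of the original message and not lrzip code: the trace above shows a 190-byte write into a 3-byte allocation, which is the shape of bug that appears when the allocation size and the read size both come from untrusted input and are never compared. The report does not say which lrzip fields disagree, so the two-byte header layout and all names below are hypothetical.

```c
/* Added illustration; NOT lrzip code. The 2-byte header layout is hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed block header: [alloc_len][data_len], both taken from the file. */
struct blk_hdr {
    uint8_t alloc_len;  /* size the decoder allocates */
    uint8_t data_len;   /* number of bytes the decoder then copies in */
};

enum { BLK_OK = 0, BLK_TRUNCATED = -1, BLK_BAD_LEN = -2, BLK_NOMEM = -3 };

/*
 * Copy one block's payload out of `in` (in_len bytes, header included).
 * On success *out owns a malloc'd buffer of *out_len (= alloc_len) bytes.
 */
int read_block(const uint8_t *in, size_t in_len, uint8_t **out, size_t *out_len)
{
    struct blk_hdr hdr;

    *out = NULL;
    *out_len = 0;
    if (in_len < 2)
        return BLK_TRUNCATED;
    hdr.alloc_len = in[0];
    hdr.data_len = in[1];

    /* Without this check, alloc_len=3 and data_len=190 would write 190 bytes
     * into a 3-byte region, as in the AddressSanitizer report. */
    if (hdr.data_len > hdr.alloc_len)
        return BLK_BAD_LEN;
    /* The payload must actually be present in the input. */
    if ((size_t)hdr.data_len > in_len - 2)
        return BLK_TRUNCATED;

    uint8_t *buf = calloc(hdr.alloc_len ? hdr.alloc_len : 1, 1);
    if (!buf)
        return BLK_NOMEM;
    memcpy(buf, in + 2, hdr.data_len);
    *out = buf;
    *out_len = hdr.alloc_len;
    return BLK_OK;
}
```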