Your message dated Sat, 18 Nov 2017 21:43:49 -0800 with message-id <20171119054349.ynwgkt7tdb25e...@ftbfs.org> has caused the report #882094, regarding unar: heap-based buffer overflow in LHAready_made() to be marked as having been forwarded to the upstream software author(s) supp...@macpaw.com
(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 882094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882094 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Hi, Jakub Wilk reported to the Debian bug tracking system that unar crashes when it's run on the attached file. The full text of the report can be found below. I will attempt to reproduce this problem using The Unarchiver on Monday. ----- Forwarded message from Jakub Wilk <jw...@jwilk.net> ----- Date: Sat, 18 Nov 2017 23:05:21 +0100 From: Jakub Wilk <jw...@jwilk.net> To: sub...@bugs.debian.org Subject: Bug#882094: unar: heap-based buffer overflow in LHAready_made() User-Agent: NeoMutt/20170609 (1.8.3) Package: unar Version: 1.10.1-2+b1 lsar crashes on the attached file: $ lsar overflow.lha overflow.lha: *** Error in `lsar': double free or corruption (out): 0x57103310 *** ... Aborted Valgrind says it's a buffer overflow: Invalid write of size 1 at 0x18DC00: LHAready_made (XADLZHOldHandles.m:577) by 0x18DC00: LHAdecode_c_st0 (XADLZHOldHandles.m:674) by 0x18CABC: LhA_Decrunch (XADLZHOldHandles.m:1075) by 0x18CC8C: _i_XADLZH3Handle__unpackData (XADLZHOldHandles.m:1128) by 0x189F9C: _i_XADLibXADIOHandle__runUnpacker (XADLibXADIOHandle.m:114) by 0x18997D: _i_XADLibXADIOHandle__seekToFileOffset_ (XADLibXADIOHandle.m:51) by 0x1799F0: _i_XADCRCHandle__resetStream (XADCRCHandle.m:70) by 0x1550CF: _i_XADStreamHandle__readAtMost_toBuffer_ (CSStreamHandle.m:138) by 0x150A1A: _i_XADHandle__copyDataOfLengthAtMost_ (CSHandle.m:291) by 0x14FAF4: _i_XADHandle__readDataOfLengthAtMost_ (CSHandle.m:276) by 0x195774: _i_XADMacArchiveParser__parseMacBinaryWithDictionary_name_retainPosition_ (XADMacArchiveParser.m:344) by 0x1952EE: _i_XADMacArchiveParser__addEntryWithDictionary_retainPosition_ (XADMacArchiveParser.m:133) by 0x16431E: _i_XADArchiveParser__addEntryWithDictionary_ (XADArchiveParser.m:899) Address 0x80aec5c is 0 bytes after a block of size 25,228 alloc'd at 0x4830256: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) by 0x18C9E7: xadAllocVec (XADLibXADIOHandle.h:200) by 0x18C9E7: LhA_Decrunch (XADLZHOldHandles.m:1025) by 0x18CC8C: _i_XADLZH3Handle__unpackData (XADLZHOldHandles.m:1128) by 0x189F9C: _i_XADLibXADIOHandle__runUnpacker (XADLibXADIOHandle.m:114) by 0x18997D: _i_XADLibXADIOHandle__seekToFileOffset_ (XADLibXADIOHandle.m:51) by 0x1799F0: _i_XADCRCHandle__resetStream (XADCRCHandle.m:70) by 0x1550CF: _i_XADStreamHandle__readAtMost_toBuffer_ (CSStreamHandle.m:138) by 0x150A1A: _i_XADHandle__copyDataOfLengthAtMost_ (CSHandle.m:291) by 0x14FAF4: _i_XADHandle__readDataOfLengthAtMost_ (CSHandle.m:276) by 0x195774: _i_XADMacArchiveParser__parseMacBinaryWithDictionary_name_retainPosition_ (XADMacArchiveParser.m:344) by 0x1952EE: _i_XADMacArchiveParser__addEntryWithDictionary_retainPosition_ (XADMacArchiveParser.m:133) by 0x16431E: _i_XADArchiveParser__addEntryWithDictionary_ (XADArchiveParser.m:899) -- System Information: Architecture: i386 Versions of packages unar depends on: ii dpkg 1.19.0.4 ii gnustep-base-runtime 1.25.0-2 ii libbz2-1.0 1.0.6-8.1 ii libc6 2.25-1 ii libgcc1 1:7.2.0-16 ii libgnustep-base1.25 1.25.0-2 ii libicu57 57.1-8 ii libobjc4 7.2.0-16 ii libstdc++6 7.2.0-16 ii libwavpack1 5.1.0-2 ii zlib1g 1:1.2.8.dfsg-5 -- Jakub Wilk ----- End forwarded message ----- -- Matt
overflow.lha
Description: application/lha
--- End Message ---
