[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-cpio] Multiple heap overflows found with ASAN

From: Sergey Poznyakoff
Subject: Re: [Bug-cpio] Multiple heap overflows found with ASAN
Date: Sun, 06 Sep 2015 08:51:40 +0300

Jacek Wielemborek <address@hidden> ha escrit:

> I built CPIO 2.11+dfsg (with Debian patches) and fuzzed it using

Thanks for your report.

> address@hidden:~/fuzz/cpio# /root/pkg/cpio-2.11+dfsg/obj/src/cpio
> -idmv  <
>     #1 0x417e48 in path_contains_symlink ../../src/copyin.c:718
>     #2 0x417e48 in process_copy_in ../../src/copyin.c:1522

I am not quite sure what '+dfsg' means, but there is no
'path_contains_symlink' function in cpio code, and never has been.

Regarding the testcase itself, the current git HEAD copes with it
reporting the following:

cpio: warning: skipped 3 bytes of junk
cpio: warning: archive header has reverse byte-order
cpio: Substituting `.' for empty member name
cpio: cannot remove current .: Invalid argument
cpio: premature end of file


reply via email to

[Prev in Thread] Current Thread [Next in Thread]