Re: [Bug-cpio] Multiple heap overflows found with ASAN
From: Sergey Poznyakoff
Subject: Re: [Bug-cpio] Multiple heap overflows found with ASAN
Date: Sun, 06 Sep 2015 08:51:40 +0300
Jacek Wielemborek <address@hidden> wrote:
> I built CPIO 2.11+dfsg (with Debian patches) and fuzzed it using
Thanks for your report.
> address@hidden:~/fuzz/cpio# /root/pkg/cpio-2.11+dfsg/obj/src/cpio
> -idmv <
[...]
> #1 0x417e48 in path_contains_symlink ../../src/copyin.c:718
> #2 0x417e48 in process_copy_in ../../src/copyin.c:1522
I am not quite sure what '+dfsg' means, but there is no
'path_contains_symlink' function in cpio code, and never has been.
Regarding the testcase itself, the current git HEAD copes with it
reporting the following:
cpio: warning: skipped 3 bytes of junk
cpio: warning: archive header has reverse byte-order
cpio: Substituting `.' for empty member name
cpio: cannot remove current .: Invalid argument
cpio: premature end of file
Regards,
Sergey