Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 2 Nov 2014 19:06:40 +0100
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: unzip -t crasher

Latest American fuzzy lop[0] tarball[1] contains a zip file that crashes 
unzip -t:

$ unzip -qt afl-0.43b/docs/samples/unzip_t_malloc.zip
foo/:  mismatching "local" filename (™/UT),
         continuing with "central" filename version
*** Error in `unzip': free(): corrupted unsorted chunks: 0x00000000015d0170 ***

I'm not sure if inclusion of said zip file was intentional, but since 
the cat is already out of the bag, I thought I'll let you know.

[0] https://code.google.com/p/american-fuzzy-lop/
[1] http://lcamtuf.coredump.cx/afl.tgz

-- 
Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ