Date: Mon, 03 Nov 2014 14:37:04 +1100 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: unzip -t crasher On 11/03/2014 05:06 AM, Jakub Wilk wrote: > Latest American fuzzy lop tarball contains a zip file that crashes > unzip -t: > > $ unzip -qt afl-0.43b/docs/samples/unzip_t_malloc.zip > foo/: mismatching "local" filename (™/UT), > continuing with "central" filename version > *** Error in `unzip': free(): corrupted unsorted chunks: > 0x00000000015d0170 *** > > I'm not sure if inclusion of said zip file was intentional, but since > the cat is already out of the bag, I thought I'll let you know. > >  https://code.google.com/p/american-fuzzy-lop/ >  http://lcamtuf.coredump.cx/afl.tgz > Hi, I had a quick look at unzip-6.0-12.fc20. It did not crash there for me but there are invalid reads and an invalid write. For the invalid write, the problem may manifest here in memextract(): 2282 memcpy((char *)tgt, (char *)G.inptr, (extent)G.incnt); On my system, G.incnt was 52729. Cheers, -- Murray McAllister / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ