Date: Mon, 03 Nov 2014 14:37:04 +1100 From: Murray McAllister <mmcallis@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: unzip -t crasher On 11/03/2014 05:06 AM, Jakub Wilk wrote: > Latest American fuzzy lop tarball contains a zip file that crashes > unzip -t: > > $ unzip -qt afl-0.43b/docs/samples/unzip_t_malloc.zip > foo/: mismatching "local" filename (™/UT), > continuing with "central" filename version > *** Error in `unzip': free(): corrupted unsorted chunks: > 0x00000000015d0170 *** > > I'm not sure if inclusion of said zip file was intentional, but since > the cat is already out of the bag, I thought I'll let you know. > >  https://code.google.com/p/american-fuzzy-lop/ >  http://lcamtuf.coredump.cx/afl.tgz > Hi, I had a quick look at unzip-6.0-12.fc20. It did not crash there for me but there are invalid reads and an invalid write. For the invalid write, the problem may manifest here in memextract(): 2282 memcpy((char *)tgt, (char *)G.inptr, (extent)G.incnt); On my system, G.incnt was 52729. Cheers, -- Murray McAllister / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.