[Bug 10871] Heap overflow in decompress_unlzma
bugzilla at busybox.net
Mon Apr 9 02:24:26 UTC 2018
https://bugs.busybox.net/show_bug.cgi?id=10871
--- Comment #4 from Denys Vlasenko <vda.linux at googlemail.com> ---
(In reply to Radovan Scasny from comment #0)
Your config:
CONFIG_UNZIP=y
# CONFIG_FEATURE_UNZIP_CDF is not set
# CONFIG_FEATURE_UNZIP_BZIP2 is not set
# CONFIG_FEATURE_UNZIP_LZMA is not set
# CONFIG_FEATURE_UNZIP_XZ is not set
> There is a general problem handling files. With specific defconfig attached unzip fails to check zip fileheader magic (archival/unzip.c line 695) and uses (archival/libarchive/decompress_unlzma.c) for decompression which leads to segmentation fault.
I don't see how unzip.c can possibly call unlzma decompressor if the call sits
in this ifdef:
#if ENABLE_FEATURE_UNZIP_LZMA
	else if (zip->fmt.method == 14) {
		/* Not tested yet */
		xstate.bytes_out = unpack_lzma_stream(&xstate);
		if (xstate.bytes_out < 0)
			bb_error_msg_and_die("inflate error");
	}
#endif
It is disabled in your config.