[Bug 7796] New: function huft_build may call a NULL array

bugzilla at busybox.net bugzilla at busybox.net
Tue Jan 13 02:21:35 UTC 2015


https://bugs.busybox.net/show_bug.cgi?id=7796

           Summary: function huft_build may call a NULL array
           Product: Busybox
           Version: 1.22.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: Other
        AssignedTo: unassigned at busybox.net
        ReportedBy: wangjia at ruijie.com.cn
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


When executing the function inflate_block of file "archival/libarchive", huft_build
may be called in the form
"i = huft_build(ll, 19, 19, NULL, NULL, &inflate_codes_tl, &bl);"
at about line 839, which will cause a segmentation fault. As the fourth
parameter passed to the function, NULL will be treated as an array of type
const unsigned short, and one element of it will be assigned to a variable of
type unsigned short (at about line 442). That is where the fault occurs.
Executing the tar command may encounter this problem.

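An added example, not BusyBox's code and not part of the report: a simplified C model of the call shape described above (19 symbols, threshold 19, NULL passed for the lookup tables), with a guard that rejects a symbol needing an absent table instead of indexing NULL. The names `build_entries`, `struct entry` and `tbl_len`, and the sample symbol arrays, are hypothetical and constructed for illustration.

```c
#include <stddef.h>

/* Constructed model of a decode-table entry; not BusyBox's own struct. */
struct entry { unsigned char e; unsigned short n; };

/* Fill out[0..nv-1] from symbol values v[]. Symbols below s are simple codes;
 * symbols >= s are looked up in d[] (base) and e[] (extra bits), each holding
 * tbl_len elements. A caller expecting only simple codes passes NULL tables.
 * Returns 0 on success, -1 if a symbol needs a table that is absent or short. */
int build_entries(struct entry *out, const unsigned *v, size_t nv, unsigned s,
                  const unsigned short *d, const unsigned char *e, size_t tbl_len)
{
    for (size_t i = 0; i < nv; i++) {
        unsigned sym = v[i];
        if (sym < s) {
            out[i].e = 0;               /* constructed marker: simple code */
            out[i].n = (unsigned short)sym;
            continue;
        }
        /* Unchecked code would read d[sym - s] here and fault when d is NULL. */
        if (d == NULL || e == NULL || (size_t)(sym - s) >= tbl_len)
            return -1;
        out[i].e = e[sym - s];
        out[i].n = d[sym - s];
    }
    return 0;
}

int main(void)
{
    struct entry out[3];
    const unsigned ok[3]  = { 0, 7, 18 };   /* constructed: all below s = 19 */
    const unsigned bad[3] = { 0, 19, 2 };   /* constructed: 19 needs a table */
    int a = build_entries(out, ok, 3, 19, NULL, NULL, 0);
    int b = build_entries(out, bad, 3, 19, NULL, NULL, 0);
    return (a == 0 && b == -1) ? 0 : 1;     /* error return, no NULL read */
}
```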