bug-cpio

Re: Several memory safety violations in cpio 2.13


From: Hanno Böck
Subject: Re: Several memory safety violations in cpio 2.13
Date: Sun, 10 Nov 2019 14:44:03 +0100

And one more buffer overflow:

x3EwMDAwMKIwMDAwMDAwMDAwMDAKAAAAAAAwMDAwMDAwMDAA


==6210==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000211 at pc 0x7f45a428b2d5 bp 0x7ffede1dcc90 sp 0x7ffede1dc438
WRITE of size 2 at 0x602000000211 thread T0
    #0 0x7f45a428b2d4 in memmove (/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/libasan.so.5+0x9f2d4)
    #1 0x564df43ebc0b in copyin_link /tmp/cpio/src/copyin.c:648
    #2 0x564df43ebc0b in copyin_file /tmp/cpio/src/copyin.c:708
    #3 0x564df43ebc0b in process_copy_in /tmp/cpio/src/copyin.c:1420
    #4 0x564df43cee5f in main /tmp/cpio/src/main.c:780
    #5 0x7f45a403fe8a in __libc_start_main (/lib64/libc.so.6+0x23e8a)
    #6 0x564df43d0059 in _start (/tmp/cpio1/src/cpio+0x14059)


To make things simpler I put the commands to run the fuzzing in a
script and attached it. It will check out cpio to /tmp, build it with
afl and asan and run afl-fuzz. (In case anyone wants to use it I hereby
put it under a CC0 license, i.e. do with it whatever you want.)

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: address@hidden
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Attachment: fuzzcpio
Description: Binary data
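The test case above is 52 base64 characters, i.e. 39 bytes, and it starts with 0xC7 0x71, the old binary ("bin") cpio magic 070707 in little-endian order. The following program is an added example and is not code from cpio or from the report: it decodes the posted test case, reads the 26-byte binary header (field layout as documented in the GNU cpio manual, host byte order assumed little-endian as on the reporter's x86_64 build, 4-byte fields stored as two 16-bit words with the more significant word first), and refuses the header when the declared name or body does not fit in the bytes that are actually present. The mode word decodes to 0120060, a symbolic link, which is consistent with the trace landing in copyin_link, and the header claims a 12336-byte name and a 170917888-byte body (for a symlink the body is the link target) in an archive that has 13 bytes left after the header. The bounds check here is a general defensive pattern for an in-memory parser and is not a statement of where the overflow in cpio 2.13 actually is, which the report does not identify.

```c
/* Added example, not cpio's code: decode the posted test case, parse it as
 * an old binary (magic 070707) cpio header and check the declared sizes
 * against the bytes actually present before anything is allocated/copied. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BIN_MAGIC    070707     /* old binary cpio magic, 0x71c7 */
#define BIN_HDR_LEN  26
#define MODE_FMT     0170000    /* file type mask (S_IFMT) */
#define MODE_LNK     0120000    /* symbolic link (S_IFLNK) */

/* The reporter's test case, copied verbatim from the mail above. */
static const char TESTCASE_B64[] =
    "x3EwMDAwMKIwMDAwMDAwMDAwMDAwMDAKAAAAAAAwMDAwMDAwMDAA";

struct bin_hdr {
    uint16_t magic, dev, ino, mode, uid, gid, nlink, rdev;
    uint32_t mtime;
    uint16_t namesize;
    uint32_t filesize;      /* for a symlink: length of the link target */
};

static int b64_val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Minimal base64 decoder: returns the decoded length, or -1 on a bad
 * character or when `cap` output bytes are not enough. */
int b64_decode(const char *in, unsigned char *out, size_t cap)
{
    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *in && *in != '='; in++) {
        int v = b64_val((unsigned char)*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    return (int)n;
}

/* Assumption: host byte order is little-endian (x86_64). 4-byte fields are
 * two 16-bit words, most significant word first. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Returns 0 if the header is sane for an archive of `len` bytes, otherwise:
 *  -1 shorter than a header, -2 bad magic,
 *  -3 name (padded to an even length) does not fit, -4 body does not fit.
 * All fields are filled in before the checks so callers can inspect them. */
int parse_bin_header(const unsigned char *buf, size_t len, struct bin_hdr *h)
{
    size_t remaining, name_span;
    if (len < BIN_HDR_LEN) return -1;
    h->magic = rd16(buf + 0);  h->dev   = rd16(buf + 2);
    h->ino   = rd16(buf + 4);  h->mode  = rd16(buf + 6);
    h->uid   = rd16(buf + 8);  h->gid   = rd16(buf + 10);
    h->nlink = rd16(buf + 12); h->rdev  = rd16(buf + 14);
    h->mtime = rd32(buf + 16);
    h->namesize = rd16(buf + 20);
    h->filesize = rd32(buf + 22);
    if (h->magic != BIN_MAGIC) return -2;
    remaining = len - BIN_HDR_LEN;
    name_span = (size_t)h->namesize + (h->namesize & 1);   /* name is padded to even */
    if (name_span > remaining) return -3;
    if (h->filesize > remaining - name_span) return -4;
    return 0;
}

/* Decode the posted test case and parse it; returns parse_bin_header's code. */
int analyze_testcase(struct bin_hdr *h)
{
    unsigned char buf[64];
    int n = b64_decode(TESTCASE_B64, buf, sizeof buf);
    if (n < 0) return -1;
    return parse_bin_header(buf, (size_t)n, h);
}

int main(void)
{
    struct bin_hdr h = {0};
    int rc = analyze_testcase(&h);
    printf("mode 0%o (%s), namesize %u, filesize %u -> rc %d\n",
           (unsigned)h.mode, (h.mode & MODE_FMT) == MODE_LNK ? "symlink" : "other",
           (unsigned)h.namesize, (unsigned)h.filesize, rc);
    return rc == 0 ? 0 : 1;
}
```

The check "declared size must not exceed what is left" only works when the whole archive is in memory. cpio reads a stream (stdin or a tape device) and cannot know the total length up front, so the equivalent there is to cap what a single header may make you allocate and to verify that each read actually returned the number of bytes the header promised before treating the buffer as complete. To reproduce the report itself rather than this decoder, feed the decoded bytes on stdin to the ASan build produced by the attached script, e.g. `base64 -d` of the test case piped into `cpio -i`.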

