
Comments (3)

pete4abw commented on July 17, 2024

Try this for lrzip:

diff --git a/stream.c b/stream.c
index 7093ca9..87597c4 100644
--- a/stream.c
+++ b/stream.c
@@ -1220,11 +1220,11 @@ again:
                                print_err("Wrong password?\n");
                        goto failed;
                }
-               if (unlikely(v1)) {
+               if (unlikely(v1 < 1)) {
                        print_err("Unexpected initial c_len %lld in streams %lld\n", v1, v2);
                        goto failed;
                }
-               if (unlikely(v2)) {
+               if (unlikely(v2 < 1)) {
                        print_err("Unexpected initial u_len %lld in streams\n", v2);
                        goto failed;
                }
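
Review bot: in both changed conditions, `v1 < 1` and `v2 < 1` do not tighten the old tests, they flip them for the common cases. `if (unlikely(v1))` rejected every nonzero value, negatives included, and accepted 0; `v1 < 1` now rejects 0 and lets any positive c_len or u_len through, even though the messages still call such a value "Unexpected". If the initial c_len and u_len are meant to be 0, this will fail on headers the old code accepted and stop catching positive values; if positive values are now valid, the error text and a comment should say so. Please state the expected initial value and match the comparison to it.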

from lrzip.

carnil commented on July 17, 2024

This issue seems to be CVE-2023-39741


pete4abw commented on July 17, 2024

@carnil, the actual bug is in ZPAQ. The SDK used here is old. The last SDK (before Matt Mahoney retired), 7.15, has more robust error checking. Using @huanglei3's POC file...

There's a limit to how much error prevention can be done. If you examine the code in stream.c and other files, you will see exhaustive data checks. A solution is either to update the zpaq SDK like I did with lrzip-next or examine the libzpaq.cpp file at lines 1311 and 1208. Or you can try the preventative fix posted above.

I get tired of these attempts to make a program fail. I'd rather people would try and make the programs better. Contribute code.

Fill_buffer stream 1 c_len 981 u_len 6036 last_head 1019
Starting thread 1 to decompress 981 bytes from stream 1
Reading ucomp header at 1048
Fill_buffer stream 1 c_len 0 u_len 0 last_head 0
Skipping empty match block
                        ZPAQ            2:21%  
Thread 3 "lrzip" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7a1e6c0 (LWP 8576)]
libzpaq::PostProcessor::write (this=0x7ffff7a1dc70, c=0) at libzpaq/libzpaq.cpp:1208
1208          z.header[z.hend++]=c;  // one byte of pcomp
(gdb) info stack
#0  libzpaq::PostProcessor::write (this=0x7ffff7a1dc70, c=0) at libzpaq/libzpaq.cpp:1208
#1  0x0000555555582ce4 in libzpaq::Decompresser::decompress (this=0x7ffff7a02b60, n=-1) at libzpaq/libzpaq.cpp:1311
#2  0x0000555555582f15 in libzpaq::decompress (in=0x7ffff7a1ddc0, out=0x7ffff7a1dda0) at libzpaq/libzpaq.cpp:1366
#3  0x000055555557a729 in zpaq_decompress (s_buf=0x7ffff0000b70 "", d_len=0x7ffff7a1de68, c_buf=0x5555555ca160 "zPQ\001", <incomplete sequence \304>, c_len=697, msgout=0x7ffff7bf2760 <_IO_2_1_stdout_>, progress=true, 
    thread=1) at libzpaq/libzpaq.h:539
#4  0x000055555556d063 in zpaq_decompress_buf (control=0x5555555aed40 <local_control>, ucthread=0x5555555c85e0, thread=1) at stream.c:446
#5  0x000055555557190e in ucompthread (data=0x0) at stream.c:1566
#6  0x00007ffff7aa8044 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#7  0x00007ffff7b285fc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Using SDK 7.15 from lrzip-next

Fill_buffer stream 1 c_len 0 u_len 0 last_head 0
Skipping empty match block
ZPAQ Error: Empty PCOMP
[Inferior 1 (process 13034) exited with code 01]
