2018-12-10 22:29 CET

ID: 0005405
Project: libextractor
Category: extract
View Status: public
Last Update: 2018-11-18 11:24
Reporter: Jin
Assigned To: Christian Grothoff
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.7
Target Version: 1.8
Fixed in Version: 1.8
Summary: 0005405: Out of Bound Read in zip_extractor.c

Description
Description:
Function EXTRACTOR_zip_extract_method() in zip_extractor.c contains an out of bound read problem.

Detail:

in file zip_extractor.c:

37 EXTRACTOR_zip_extract_method (struct EXTRACTOR_ExtractContext *ec)
38 {
39 struct EXTRACTOR_UnzipFile *uf;
40 struct EXTRACTOR_UnzipFileInfo fi;
41 char fname[256];
42 char fcomment[256]; // fcomment is 256 bytes
    ...
110 if ( (0 != strlen (fcomment)) &&
...

While parsing a malformed file, function ec_read_file_func() (unzip.c) will be called and copy 256 bytes of content into fcomment; if fcomment[255] is not '\0', strlen (fcomment) (line 110 in zip_extractor.c) will lead to an out-of-bound read.

CREDIT:
ADLab of Venustech
Steps To Reproduce
root@root# extract 7.16/crash-b7e795730cd3a204501c1c4bd79dec7468f9e6e1
Keywords for file 7.16/crash-b7e795730cd3a204501c1c4bd79dec7468f9e6e1:
mimetype - application/zip
embedded filename - [Content_Types].xml
embedded filename - _rels/.rels
embedded filename - ppt/slides/_rels/slide1.xml.rels
embedded filename - ppt/_rels/presentation.xml.rels
embedded filename - ppt/presentation.xml
embedded filename - ppt/slides/slide1.xml
embedded filename - ppt/slideLayouts/_rels/slideLayout7.xml.rels
embedded filename - ppt/slideLayouts/_rels/slideLayout8.xml.rels
embedded filename - ppt/slideLayouts/_rels/slideLayout10.xml.rels
embedded filename - ppt/slideLayouts/_rels/slideLayout11.xml.rels
embedded filename - ppt/slideLayouts/_rels/slideLayout9.xml.rels
embedded filename - ppt/slideLayouts/_rels/slideLayout1.xml.rels
embedded filename - ppt/slideLayouts/_rels/slideLayout2.xml.rels
embedded filename - ppt/slideLayouts/_rels/slideLayout3.xml.rels
embedded filename - ppt/slideLayouts/_rels/slideLayout4.xml.rels
embedded filename - ppt/slideLayouts/_rels/slideLayout5.xml.rels
comment - 將?-Z谪籝琐}K硽滕咻齶V秈唠玤麝_頴l窏髿琬!B:羟F?龒戬綦'勎癊拷せ鈯Y????秫渇?叉f=?螓澯韎℃竸*?~埅s1憬疑?裣鏝Q鼮S蹂黝宮?帿甮uA?Vn榧莋I`ngR^堓鰙H6傶?N?毮踬x硈;趴?譳簸嶣:2橽缸咤>_?KC鍠箞?Uz∵?乪℡嶼纥?梷横瘌瓿
Tags: No tags attached.
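
The failure mode described in the report and one way to harden the caller, as an added example that is not libextractor's code and not the actual fix. The names model_read, fill, raw_copy_is_terminated and safe_copy_length are hypothetical, and the reader's "terminate only if the data is shorter than the buffer" behaviour is an assumption modelled on the report's condition that fcomment[255] is not '\0'; the check uses memchr so the demonstration itself never reads past the buffer.

```c
#include <stdio.h>
#include <string.h>

#define COMMENT_BUF 256   /* same size as fcomment[256] in the report */

/* Hypothetical model of the reader (an assumption, not libextractor's code):
   copies at most buf_size bytes, terminating only if the data is shorter. */
static void model_read (const char *src, size_t src_len, char *buf, size_t buf_size)
{
  size_t n = (src_len < buf_size) ? src_len : buf_size;
  memcpy (buf, src, n);
  if (n < buf_size) buf[n] = '\0';
}

/* Constructed input: comment_len 'A' bytes (capped at 512) read into a
   buffer pre-filled with 0x55 to stand in for stale stack contents. */
static void fill (char *fcomment, size_t comment_len, size_t size_given_to_reader)
{
  char sample[512];
  memset (sample, 'A', sizeof (sample));
  memset (fcomment, 0x55, COMMENT_BUF);
  if (comment_len > sizeof (sample)) comment_len = sizeof (sample);
  model_read (sample, comment_len, fcomment, size_given_to_reader);
}

/* Unhardened pattern: the reader gets the whole buffer. Returns 1 if a NUL
   lies inside fcomment (strlen stays in bounds), 0 if strlen would overrun. */
int raw_copy_is_terminated (size_t comment_len)
{
  char fcomment[COMMENT_BUF];
  fill (fcomment, comment_len, sizeof (fcomment));
  return NULL != memchr (fcomment, '\0', sizeof (fcomment));
}

/* Hardened pattern: reserve the last byte and always terminate it.
   Returns the string length, never more than COMMENT_BUF - 1. */
size_t safe_copy_length (size_t comment_len)
{
  char fcomment[COMMENT_BUF];
  fill (fcomment, comment_len, sizeof (fcomment) - 1);
  fcomment[sizeof (fcomment) - 1] = '\0';
  return strlen (fcomment);
}

int main (void)
{
  printf ("%d %zu\n", raw_copy_is_terminated (300), safe_copy_length (300));
  return 0;
}
```
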

Notes

~0013177

Christian Grothoff (manager)

Fixed in fb672b7..24c8d48

Issue History
Date Modified Username Field Change
2018-07-20 08:47 Jin New Issue
2018-07-20 08:47 Jin File Added: crash-b7e795730cd3a204501c1c4bd79dec7468f9e6e1
2018-08-05 22:38 Christian Grothoff Assigned To => Christian Grothoff
2018-08-05 22:38 Christian Grothoff Status new => assigned
2018-08-05 22:38 Christian Grothoff Status assigned => confirmed
2018-08-05 22:38 Christian Grothoff Note Added: 0013177
2018-08-05 22:38 Christian Grothoff Status confirmed => resolved
2018-08-05 22:38 Christian Grothoff Resolution open => fixed
2018-08-05 22:38 Christian Grothoff Fixed in Version => 1.8
2018-08-05 22:39 Christian Grothoff Target Version => 1.8
2018-08-05 22:39 Christian Grothoff Steps to Reproduce Updated
2018-11-18 11:24 Christian Grothoff Status resolved => closed