URL: <https://savannah.gnu.org/bugs/?66004>
Summary: recursive download crashes on html files bigger than INT_MAX
Group: GNU Wget
Submitter: None
Submitted: Fri 19 Jul 2024 06:57:40 PM UTC
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Name: Amy
Originator Email: yma32...@gmail.com
Open/Closed: Open
Discussion Lock: Any
Release: 1.20
Operating System: Mac OS
Reproducibility: Every Time
Fixed Release: None
Planned Release: None
Regression: None
Work Required: None
Patch Included: No

_______________________________________________________

Follow-up Comments:

-------------------------------------------------------
Date: Fri 19 Jul 2024 06:57:40 PM UTC By: Anonymous

This affects 1.24.5, but versions newer than 1.20 don't seem to be in the dropdown?

Reproducible by using -r on a URL that wget treats as HTML and has a size which will become negative when cast from long to int (e.g. will crash with a 3gb file, but not a 5gb one). It will segfault reading out of bounds on the mapped file. Seems this is because of map_html_tags' size argument.

(While of course a 2+ gb HTML file is rare and I don't see how this would be exploitable, a misconfigured server can result in binary files being parsed as HTML, which is how I originally ran into this bug.)

Hope that helps!

_______________________________________________________

File Attachments:

-------------------------------------------------------
Name: macos@cr...@report.txt Size: 7KiB
<https://file.savannah.gnu.org/file/macos@cr...@report.txt?file_id=56291>
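
The size arithmetic behind the "3gb crashes, 5gb does not" observation, as an added example that is not part of the original report and is not wget's code. `narrow_to_int` and `checked_int_size` are hypothetical helpers, the sample lengths are constructed, and a 32-bit two's-complement `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Models what a 64-bit length becomes when narrowed to a 32-bit
   two's-complement int (the usual behaviour; the C standard leaves an
   out-of-range narrowing implementation-defined). */
static int narrow_to_int(int64_t length)
{
    int64_t low = length & 0xFFFFFFFFLL;      /* keep the low 32 bits */
    if (low >= 0x80000000LL)
        low -= 0x100000000LL;                 /* sign bit set: negative */
    return (int)low;                          /* now within int range */
}

/* Hypothetical guard: refuse lengths that an int parameter cannot hold.
   Returns 0 and stores the size on success, -1 otherwise. */
static int checked_int_size(int64_t length, int *out)
{
    if (length < 0 || length > INT_MAX)
        return -1;
    *out = (int)length;
    return 0;
}

int main(void)
{
    /* Constructed sample lengths, in bytes. */
    const int64_t samples[] = {
        1LL << 20,            /* 1 MiB */
        (int64_t)INT_MAX,     /* largest length an int can carry */
        3LL << 30,            /* 3 GiB: narrows to a negative size */
        5LL << 30,            /* 5 GiB: wraps to a positive size */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int size = 0;
        int ok = checked_int_size(samples[i], &size);
        printf("%11lld -> narrowed %11d, guard %s\n",
               (long long)samples[i], narrow_to_int(samples[i]),
               ok == 0 ? "accepts" : "rejects");
    }
    return 0;
}
```

A 5 GiB length narrows to a positive value that no longer matches the real file size, so a range check before the narrowing is what catches both cases.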