Package: unace Version: 1.2b-11 Usertags: afl unace crashes when trying to test integrity of the attached file:
$ unace t crash UNACE v1.2 public version Segmentation fault gdb says it's an integer overflow, followed by buffer overflow: (gdb) bt #0 __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:116 #1 0x0000000000401558 in read_header (print_err=0) at unace.c:171 #2 0x00000000004017b7 in read_arc_head () at unace.c:222 #3 0x0000000000401943 in open_archive (print_err=1) at unace.c:254 #4 0x000000000040258f in main (argc=3, argv=0x7fffffffe6d8) at unace.c:604 (gdb) up #1 0x0000000000401558 in read_header (print_err=0) at unace.c:171 171 memcpy(mhead.AV, tp, rd-(USHORT)(tp-readbuf)); (gdb) print rd-(USHORT)(tp-readbuf) $1 = -27 This bug was found using American fuzzy lop: https://packages.debian.org/experimental/afl -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages unace depends on: ii libc6 2.19-13 -- Jakub Wilk
crash.ACE
Description: Binary data

