Package: e2fsprogs
Version: 1.43.5-1

$ gzip -d overflow.ext2.gz
$ md5sum overflow.ext2
5de070b3f4c0f0562604bfaadbf8cd1d  overflow.ext2
$ valgrind -q /sbin/e2fsck -n overflow.ext2 > /dev/null
e2fsck 1.43.5 (04-Aug-2017)
==1718== Invalid write of size 4
==1718==    at 0x12A558: check_block_bitmaps (pass5.c:493)
==1718==    by 0x12A558: e2fsck_pass5 (pass5.c:56)
==1718==    by 0x117057: e2fsck_run (e2fsck.c:237)
==1718==    by 0x11274C: main (unix.c:1804)
==1718==  Address 0x4cf65d4 is 0 bytes after a block of size 4 alloc'd
==1718==    at 0x4830256: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1718==    by 0x12E280: e2fsck_allocate_memory (util.c:128)
==1718==    by 0x129AF0: check_block_bitmaps (pass5.c:335)
==1718==    by 0x129AF0: e2fsck_pass5 (pass5.c:56)
==1718==    by 0x117057: e2fsck_run (e2fsck.c:237)
==1718==    by 0x11274C: main (unix.c:1804)
==1718== 
==1718== Invalid read of size 2
==1718==    at 0x4869385: ext2fs_bg_flags_test (blknum.c:445)
==1718==    by 0x12A8FB: check_block_bitmaps (pass5.c:435)
==1718==    by 0x12A8FB: e2fsck_pass5 (pass5.c:56)
==1718==    by 0x117057: e2fsck_run (e2fsck.c:237)
==1718==    by 0x11274C: main (unix.c:1804)
==1718==  Address 0x631a18a is not stack'd, malloc'd or (recently) free'd
==1718== 
==1718== Signal (11) SIGSEGV si_code=SEGV_MAPERR fault addr=0x631a18a
...
Found using American Fuzzy Lop: http://lcamtuf.coredump.cx/afl/

-- System Information:
Architecture: i386

Versions of packages e2fsprogs depends on:
ii  e2fslibs    1.43.5-1
ii  libblkid1   2.29.2-4
ii  libc6       2.24-17
ii  libcomerr2  1.43.5-1
ii  libss2      1.43.5-1
ii  libuuid1    2.29.2-4
ii  util-linux  2.29.2-4

-- 
Jakub Wilk
[Attachment: overflow.ext2.gz (application/gzip)]
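The trace above shows the shape of the bug class without its root cause: a per-group array of `group_desc_count` entries (4 bytes, so one group) is written one element past its end in check_block_bitmaps, and a group descriptor is then read at an unmapped address, i.e. the block walk reached a group number the group table does not have. The following is a constructed C model of that pattern, added here as an illustration; it is not e2fsprogs code, does not claim to be the actual fix, and every struct field and function name in it is an assumption. It shows the consistency check between the superblock's block count and the group table size that has to hold before any per-group array or group descriptor is indexed, and a block-to-group mapping that refuses out-of-range groups instead of indexing with them.

```c
/* Constructed illustration of the pass-5 pattern (not e2fsprogs code):
 * per-group free counts accumulated into an array sized by the group
 * table, with the geometry validated before anything is indexed.
 * All names below are assumptions made for this example. */
#include <stdint.h>
#include <string.h>

struct toy_fs {
    uint32_t first_data_block;
    uint32_t blocks_per_group;
    uint32_t group_desc_count;  /* number of entries in the group table */
    uint64_t blocks_count;      /* untrusted: read from the superblock */
};

/* Map a block number to its group; -1 if it lies outside the group table.
 * Indexing a group descriptor (cf. ext2fs_bg_flags_test in the trace)
 * with an unchecked group number is what produces the wild read. */
static int group_of_block(const struct toy_fs *fs, uint64_t blk, uint32_t *group)
{
    if (fs->blocks_per_group == 0 || blk < fs->first_data_block)
        return -1;
    uint64_t g = (blk - fs->first_data_block) / fs->blocks_per_group;
    if (g >= fs->group_desc_count)
        return -1;
    *group = (uint32_t)g;
    return 0;
}

/* Reject an image whose block count implies more (or fewer) groups than
 * the group table holds.  Division/modulo form avoids the overflow that
 * (data_blocks + bpg - 1) would have for a huge 64-bit block count. */
static int check_geometry(const struct toy_fs *fs)
{
    if (fs->blocks_per_group == 0 || fs->blocks_count <= fs->first_data_block)
        return -1;
    uint64_t data_blocks = fs->blocks_count - fs->first_data_block;
    uint64_t groups = data_blocks / fs->blocks_per_group
                    + (data_blocks % fs->blocks_per_group != 0);
    return groups == fs->group_desc_count ? 0 : -1;
}

/* Walk a block bitmap (1 bit per block from first_data_block, bit set =
 * in use) and count free blocks per group into free_array, which must
 * have group_desc_count entries.  Returns 0, or -1 without touching any
 * memory past the array when the geometry is inconsistent. */
static int count_free_per_group(const struct toy_fs *fs, const uint8_t *bitmap,
                                uint32_t *free_array)
{
    if (check_geometry(fs) != 0)
        return -1;
    memset(free_array, 0, fs->group_desc_count * sizeof(*free_array));
    for (uint64_t blk = fs->first_data_block; blk < fs->blocks_count; blk++) {
        uint32_t group;
        if (group_of_block(fs, blk, &group) != 0)
            return -1;  /* cannot fire after check_geometry; kept as a guard */
        uint64_t idx = blk - fs->first_data_block;
        int in_use = (bitmap[idx / 8] >> (idx % 8)) & 1;
        if (!in_use)
            free_array[group]++;
    }
    return 0;
}

/* Constructed sample: one group of 8 data blocks, blocks 0..2 in use. */
int demo_consistent(void)
{
    struct toy_fs fs = { 1, 8, 1, 9 };
    uint8_t bitmap[1] = { 0x07 };
    uint32_t free_array[1];
    if (count_free_per_group(&fs, bitmap, free_array) != 0)
        return -1;
    return (int)free_array[0];  /* 5 free blocks */
}

/* Constructed sample: superblock claims 20 data blocks but the group
 * table has a single entry; the walk is refused instead of writing past
 * free_array[0] as the valgrind trace shows happening. */
int demo_oversized(void)
{
    struct toy_fs fs = { 1, 8, 1, 21 };
    uint8_t bitmap[3] = { 0 };
    uint32_t free_array[1];
    return count_free_per_group(&fs, bitmap, free_array);  /* -1 */
}
```

When triaging a crash like this one, the useful question is which superblock field the fuzzer inflated so that the block walk outran the group table; the geometry check above is the kind of invariant an AFL-found image violates, and the point of checking it once, up front, is that every later per-group index inherits the guarantee.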

