Package: pax
Version: 1:20161104-2
pax crashes on some malformed tar archives:
$ printf '%0125d606%023d57614%0356d' | pax > /dev/null
Segmentation fault
Valgrind says it's an out-of-bounds read:
Invalid read of size 4
at 0x4832F70: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
by 0x10EA47: memcpy (string3.h:53)
by 0x10EA47: rd_wrbuf (buf_subs.c:560)
by 0x10C9D1: next_head (ar_subs.c:1057)
by 0x10D15E: list (ar_subs.c:104)
by 0x109DD6: main (pax.c:296)
Address 0x8612ba58 is not stack'd, malloc'd or (recently) free'd
Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/
-- System Information:
Architecture: i386
Versions of packages pax depends on:
ii libc6 2.24-17
--
Jakub Wilk
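Editor's note, added to the report above and not part of Jakub Wilk's text: the printf in the reproducer emits exactly 512 bytes, i.e. one tar header block, and its two non-zero runs land in the 12-byte size field (offset 124) and the 8-byte chksum field (offset 148). The C program below rebuilds that block, verifies the checksum the way a tar reader does (so the header is accepted as genuine), and decodes the size field. The report does not state the root cause of the crash; the final function, which truncates the size to a 32-bit off_t as on an i386 build without large-file support, is the editor's assumption about why a huge size ends in an out-of-bounds memcpy, not something the report establishes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAR_BLOCK 512

/* Build the 512-byte block that the report's printf emits:
 * 125 '0's, "606", 23 '0's, "57614", 356 '0's (printf with no
 * argument prints 0 for each %d, zero-padded to the given width). */
static void build_header(unsigned char *hdr)
{
    memset(hdr, '0', TAR_BLOCK);
    memcpy(hdr + 125, "606", 3);   /* inside the 12-byte size field at offset 124 */
    memcpy(hdr + 151, "57614", 5); /* inside the 8-byte chksum field at offset 148 */
}

/* Decode an ASCII octal field the way tar readers do: stop at the
 * first byte that is not an octal digit (NUL or space terminate it). */
static uint64_t parse_octal(const unsigned char *p, size_t len)
{
    uint64_t v = 0;
    for (size_t i = 0; i < len; i++) {
        if (p[i] < '0' || p[i] > '7')
            break;
        v = (v << 3) | (uint64_t)(p[i] - '0');
    }
    return v;
}

/* ustar/POSIX header checksum: sum of all 512 bytes with the chksum
 * field itself counted as eight spaces. */
static unsigned header_checksum(const unsigned char *hdr)
{
    unsigned sum = 0;
    for (size_t i = 0; i < TAR_BLOCK; i++)
        sum += (i >= 148 && i < 156) ? (unsigned)' ' : hdr[i];
    return sum;
}

/* 1 if the stored chksum matches, so a reader accepts this as a real header. */
int repro_checksum_ok(void)
{
    unsigned char hdr[TAR_BLOCK];
    build_header(hdr);
    return header_checksum(hdr) == (unsigned)parse_octal(hdr + 148, 8);
}

/* The size field decoded as a 64-bit value ("060600000000" octal). */
uint64_t repro_size(void)
{
    unsigned char hdr[TAR_BLOCK];
    build_header(hdr);
    return parse_octal(hdr + 124, 12);
}

/* The same value truncated to a 32-bit signed off_t, as on i386 without
 * large-file support. Assumption by the editor: the report does not say
 * which type pax stores the size in. */
int32_t repro_size_as_int32(void)
{
    return (int32_t)(uint32_t)repro_size();
}

int main(void)
{
    printf("checksum valid:   %s\n", repro_checksum_ok() ? "yes" : "no");
    printf("size field:       %llu bytes (exceeds 32 bits: %s)\n",
           (unsigned long long)repro_size(),
           repro_size() > UINT32_MAX ? "yes" : "no");
    printf("as 32-bit off_t:  %ld\n", (long)repro_size_as_int32());
    return 0;
}
```

The checksum works out to 24460 (octal 57614), matching the stored field, so the block passes header validation; the size field decodes to 6543114240 bytes, which does not fit in 32 bits and becomes negative when truncated.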