Package: nomarch
Version: 1.4-3+b2
nomarch crashes on this file:
$ printf '\32\177%015d\0\0%09d\0\032%012335d' > overflow.arc
$ nomarch -p overflow.arc
Segmentation fault
Valgrind says it's a buffer overflow in outputstring():
Invalid write of size 4
at 0x10A987: outputstring (in /usr/bin/nomarch)
by 0x10AB20: convert_lzw_dynamic (in /usr/bin/nomarch)
by 0x109607: arc_extract_or_test (in /usr/bin/nomarch)
by 0x1089C4: main (in /usr/bin/nomarch)
Address 0x213000 is not stack'd, malloc'd or (recently) free'd
-- System Information:
Architecture: i386
Versions of packages nomarch depends on:
ii libc6 2.24-17
--
Jakub Wilk
