Hi,

Jakub Wilk reported to the Debian bug tracking system that unar
crashes when it's run on the attached file.  The full text of the
report can be found below.

I will attempt to reproduce this problem using The Unarchiver on
Monday.

----- Forwarded message from Jakub Wilk <jw...@jwilk.net> -----

Date: Sat, 18 Nov 2017 23:05:21 +0100
From: Jakub Wilk <jw...@jwilk.net>
To: sub...@bugs.debian.org
Subject: Bug#882094: unar: heap-based buffer overflow in LHAready_made()
User-Agent: NeoMutt/20170609 (1.8.3)

Package: unar
Version: 1.10.1-2+b1

lsar crashes on the attached file:

  $ lsar overflow.lha
  overflow.lha: *** Error in `lsar': double free or corruption (out): 0x57103310 ***
  ...
  Aborted

Valgrind says it's a buffer overflow:

  Invalid write of size 1
     at 0x18DC00: LHAready_made (XADLZHOldHandles.m:577)
     by 0x18DC00: LHAdecode_c_st0 (XADLZHOldHandles.m:674)
     by 0x18CABC: LhA_Decrunch (XADLZHOldHandles.m:1075)
     by 0x18CC8C: _i_XADLZH3Handle__unpackData (XADLZHOldHandles.m:1128)
     by 0x189F9C: _i_XADLibXADIOHandle__runUnpacker (XADLibXADIOHandle.m:114)
     by 0x18997D: _i_XADLibXADIOHandle__seekToFileOffset_ (XADLibXADIOHandle.m:51)
     by 0x1799F0: _i_XADCRCHandle__resetStream (XADCRCHandle.m:70)
     by 0x1550CF: _i_XADStreamHandle__readAtMost_toBuffer_ (CSStreamHandle.m:138)
     by 0x150A1A: _i_XADHandle__copyDataOfLengthAtMost_ (CSHandle.m:291)
     by 0x14FAF4: _i_XADHandle__readDataOfLengthAtMost_ (CSHandle.m:276)
     by 0x195774: _i_XADMacArchiveParser__parseMacBinaryWithDictionary_name_retainPosition_ (XADMacArchiveParser.m:344)
     by 0x1952EE: _i_XADMacArchiveParser__addEntryWithDictionary_retainPosition_ (XADMacArchiveParser.m:133)
     by 0x16431E: _i_XADArchiveParser__addEntryWithDictionary_ (XADArchiveParser.m:899)
   Address 0x80aec5c is 0 bytes after a block of size 25,228 alloc'd
     at 0x4830256: calloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
     by 0x18C9E7: xadAllocVec (XADLibXADIOHandle.h:200)
     by 0x18C9E7: LhA_Decrunch (XADLZHOldHandles.m:1025)
     by 0x18CC8C: _i_XADLZH3Handle__unpackData (XADLZHOldHandles.m:1128)
     by 0x189F9C: _i_XADLibXADIOHandle__runUnpacker (XADLibXADIOHandle.m:114)
     by 0x18997D: _i_XADLibXADIOHandle__seekToFileOffset_ (XADLibXADIOHandle.m:51)
     by 0x1799F0: _i_XADCRCHandle__resetStream (XADCRCHandle.m:70)
     by 0x1550CF: _i_XADStreamHandle__readAtMost_toBuffer_ (CSStreamHandle.m:138)
     by 0x150A1A: _i_XADHandle__copyDataOfLengthAtMost_ (CSHandle.m:291)
     by 0x14FAF4: _i_XADHandle__readDataOfLengthAtMost_ (CSHandle.m:276)
     by 0x195774: _i_XADMacArchiveParser__parseMacBinaryWithDictionary_name_retainPosition_ (XADMacArchiveParser.m:344)
     by 0x1952EE: _i_XADMacArchiveParser__addEntryWithDictionary_retainPosition_ (XADMacArchiveParser.m:133)
     by 0x16431E: _i_XADArchiveParser__addEntryWithDictionary_ (XADArchiveParser.m:899)


-- System Information:
Architecture: i386

Versions of packages unar depends on:
ii  dpkg                  1.19.0.4
ii  gnustep-base-runtime  1.25.0-2
ii  libbz2-1.0            1.0.6-8.1
ii  libc6                 2.25-1
ii  libgcc1               1:7.2.0-16
ii  libgnustep-base1.25   1.25.0-2
ii  libicu57              57.1-8
ii  libobjc4              7.2.0-16
ii  libstdc++6            7.2.0-16
ii  libwavpack1           5.1.0-2
ii  zlib1g                1:1.2.8.dfsg-5

-- 
Jakub Wilk



----- End forwarded message -----

-- 
Matt

Attachment: overflow.lha
Description: application/lha
