Hi Salvatore,

How to reproduce your bug?

I'm currently using valgrind with the rar file you provided, and found that there are some unconditional jumps based on some uninit values. Please see the attachment [1].

After fixing that [2], valgrind is happy now without any errors. Not sure if this is related to this bug.

Attaching the autopkgtest scripts [3] for testing the package.

If this looks good for you I'll upload this soon.

[1] val_log1.txt
[2] 0002-CVE-2017-14122.patch
[3] 0003-CVE-2017-14122

Yours Sincerely,
Paul

-- 
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) <paul...@debian.org>
==4627== Memcheck, a memory error detector
==4627== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==4627== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==4627== Command: /usr/bin/unrar-free x unrar-gpl-stack-overread.rar
==4627== Parent PID: 11514
==4627==
==4627== Use of uninitialised value of size 8
==4627==    at 0x10BCE7: CalcCRC32 (unrarlib.c:2180)
==4627==    by 0x10BCE7: ReadHeader (unrarlib.c:627)
==4627==    by 0x10C090: ReadBlock (unrarlib.c:506)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10BFEB: ReadBlock (unrarlib.c:509)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10C022: ReadBlock (unrarlib.c:514)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4C2BACC: malloc (vg_replace_malloc.c:298)
==4627==    by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
==4627==    by 0x10C282: ReadBlock (unrarlib.c:538)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4E9FA54: fread (iofread.c:35)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4EAA9C8: _IO_file_xsgetn (fileops.c:1386)
==4627==    by 0x4E9FAD8: fread (iofread.c:38)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4EAA9E0: _IO_file_xsgetn (fileops.c:1389)
==4627==    by 0x4E9FAD8: fread (iofread.c:38)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4EAAA2C: _IO_file_xsgetn (fileops.c:1420)
==4627==    by 0x4E9FAD8: fread (iofread.c:38)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4E9FB27: fread (iofread.c:40)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Use of uninitialised value of size 8
==4627==    at 0x10C2B3: ReadBlock (unrarlib.c:540)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10C2E7: ReadBlock (unrarlib.c:560)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10C5A8: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4C2BB9C: malloc (vg_replace_malloc.c:299)
==4627==    by 0x10C5F4: urarlib_list (unrarlib.c:415)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4C2EECB: strcpy (vg_replace_strmem.c:510)
==4627==    by 0x10C607: strcpy (string3.h:110)
==4627==    by 0x10C607: urarlib_list (unrarlib.c:416)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a heap allocation
==4627==    at 0x4C2BB1F: malloc (vg_replace_malloc.c:298)
==4627==    by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
==4627==    by 0x10C282: ReadBlock (unrarlib.c:538)
==4627==    by 0x10C5A5: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4EA9F68: _IO_file_seekoff@@GLIBC_2.2.5 (fileops.c:1094)
==4627==    by 0x4EA7398: fseek (fseek.c:36)
==4627==    by 0x10C67F: urarlib_list (unrarlib.c:430)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Syscall param lseek(offset) contains uninitialised byte(s)
==4627==    at 0x4F20AE7: lseek (syscall-template.S:84)
==4627==    by 0x4EA9F9F: _IO_file_seekoff@@GLIBC_2.2.5 (fileops.c:1099)
==4627==    by 0x4EA7398: fseek (fseek.c:36)
==4627==    by 0x10C67F: urarlib_list (unrarlib.c:430)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4EA9FAF: _IO_file_seekoff@@GLIBC_2.2.5 (fileops.c:1102)
==4627==    by 0x4EA7398: fseek (fseek.c:36)
==4627==    by 0x10C67F: urarlib_list (unrarlib.c:430)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Syscall param read(count) contains uninitialised byte(s)
==4627==    at 0x4F136C0: __read_nocancel (syscall-template.S:84)
==4627==    by 0x4EA9FEA: _IO_file_seekoff@@GLIBC_2.2.5 (fileops.c:1106)
==4627==    by 0x4EA7398: fseek (fseek.c:36)
==4627==    by 0x10C67F: urarlib_list (unrarlib.c:430)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4EA9FF5: _IO_file_seekoff@@GLIBC_2.2.5 (fileops.c:1109)
==4627==    by 0x4EA7398: fseek (fseek.c:36)
==4627==    by 0x10C67F: urarlib_list (unrarlib.c:430)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Syscall param lseek(offset) contains uninitialised byte(s)
==4627==    at 0x4F20AE7: lseek (syscall-template.S:84)
==4627==    by 0x4EA9D7D: _IO_file_seekoff@@GLIBC_2.2.5 (fileops.c:1126)
==4627==    by 0x4EA7398: fseek (fseek.c:36)
==4627==    by 0x10C67F: urarlib_list (unrarlib.c:430)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10BCB6: ReadHeader (unrarlib.c:626)
==4627==    by 0x10C090: ReadBlock (unrarlib.c:506)
==4627==    by 0x10C689: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Use of uninitialised value of size 8
==4627==    at 0x10BCE7: CalcCRC32 (unrarlib.c:2180)
==4627==    by 0x10BCE7: ReadHeader (unrarlib.c:627)
==4627==    by 0x10C090: ReadBlock (unrarlib.c:506)
==4627==    by 0x10C689: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10C0E6: ReadBlock (unrarlib.c:533)
==4627==    by 0x10C689: urarlib_list (unrarlib.c:389)
==4627==    by 0x10A911: unrar_extract (unrar.c:425)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10A9EC: unrar_extract (unrar.c:469)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Use of uninitialised value of size 8
==4627==    at 0x10BCE7: CalcCRC32 (unrarlib.c:2180)
==4627==    by 0x10BCE7: ReadHeader (unrarlib.c:627)
==4627==    by 0x10C090: ReadBlock (unrarlib.c:506)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10BFEB: ReadBlock (unrarlib.c:509)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10C022: ReadBlock (unrarlib.c:514)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4C2DDC5: realloc (vg_replace_malloc.c:785)
==4627==    by 0x10C282: ReadBlock (unrarlib.c:538)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4E9FA54: fread (iofread.c:35)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4EAA9C8: _IO_file_xsgetn (fileops.c:1386)
==4627==    by 0x4E9FAD8: fread (iofread.c:38)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4EAA9E0: _IO_file_xsgetn (fileops.c:1389)
==4627==    by 0x4E9FAD8: fread (iofread.c:38)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4EAAA2C: _IO_file_xsgetn (fileops.c:1420)
==4627==    by 0x4E9FAD8: fread (iofread.c:38)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4E9FB27: fread (iofread.c:40)
==4627==    by 0x10C2A4: fread (stdio2.h:295)
==4627==    by 0x10C2A4: ReadBlock (unrarlib.c:539)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Use of uninitialised value of size 8
==4627==    at 0x10C2B3: ReadBlock (unrarlib.c:540)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10C2E7: ReadBlock (unrarlib.c:560)
==4627==    by 0x10E6B1: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10E6B4: ExtrFile (unrarlib.c:725)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4C2F405: __strncpy_sse2_unaligned (vg_replace_strmem.c:552)
==4627==    by 0x10C7DB: strncpy (string3.h:126)
==4627==    by 0x10C7DB: stricomp (unrarlib.c:852)
==4627==    by 0x10E6D9: ExtrFile (unrarlib.c:745)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4C2BB9C: malloc (vg_replace_malloc.c:299)
==4627==    by 0x10E87B: ExtrFile (unrarlib.c:751)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x10E704: ExtrFile (unrarlib.c:769)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4E7F7AD: vfprintf (vfprintf.c:1636)
==4627==    by 0x4F2EAA5: __vsnprintf_chk (vsnprintf_chk.c:63)
==4627==    by 0x4F2EA07: __snprintf_chk (snprintf_chk.c:34)
==4627==    by 0x10E97D: snprintf (stdio2.h:64)
==4627==    by 0x10E97D: ExtrFile (unrarlib.c:772)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Use of uninitialised value of size 8
==4627==    at 0x4E7C19B: _itoa_word (_itoa.c:179)
==4627==    by 0x4E80899: vfprintf (vfprintf.c:1636)
==4627==    by 0x4F2EAA5: __vsnprintf_chk (vsnprintf_chk.c:63)
==4627==    by 0x4F2EA07: __snprintf_chk (snprintf_chk.c:34)
==4627==    by 0x10E97D: snprintf (stdio2.h:64)
==4627==    by 0x10E97D: ExtrFile (unrarlib.c:772)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4E7C1A5: _itoa_word (_itoa.c:179)
==4627==    by 0x4E80899: vfprintf (vfprintf.c:1636)
==4627==    by 0x4F2EAA5: __vsnprintf_chk (vsnprintf_chk.c:63)
==4627==    by 0x4F2EA07: __snprintf_chk (snprintf_chk.c:34)
==4627==    by 0x10E97D: snprintf (stdio2.h:64)
==4627==    by 0x10E97D: ExtrFile (unrarlib.c:772)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4E809A1: vfprintf (vfprintf.c:1636)
==4627==    by 0x4F2EAA5: __vsnprintf_chk (vsnprintf_chk.c:63)
==4627==    by 0x4F2EA07: __snprintf_chk (snprintf_chk.c:34)
==4627==    by 0x10E97D: snprintf (stdio2.h:64)
==4627==    by 0x10E97D: ExtrFile (unrarlib.c:772)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4E7F861: vfprintf (vfprintf.c:1636)
==4627==    by 0x4F2EAA5: __vsnprintf_chk (vsnprintf_chk.c:63)
==4627==    by 0x4F2EA07: __snprintf_chk (snprintf_chk.c:34)
==4627==    by 0x10E97D: snprintf (stdio2.h:64)
==4627==    by 0x10E97D: ExtrFile (unrarlib.c:772)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627== Conditional jump or move depends on uninitialised value(s)
==4627==    at 0x4E7F8E2: vfprintf (vfprintf.c:1636)
==4627==    by 0x4F2EAA5: __vsnprintf_chk (vsnprintf_chk.c:63)
==4627==    by 0x4F2EA07: __snprintf_chk (snprintf_chk.c:34)
==4627==    by 0x10E97D: snprintf (stdio2.h:64)
==4627==    by 0x10E97D: ExtrFile (unrarlib.c:772)
==4627==    by 0x10EA7B: urarlib_get (unrarlib.c:303)
==4627==    by 0x10A70F: unrar_extract_file (unrar.c:343)
==4627==    by 0x10AA03: unrar_extract (unrar.c:487)
==4627==    by 0x109CB4: main (unrar.c:561)
==4627==  Uninitialised value was created by a stack allocation
==4627==    at 0x10BAE0: ReadHeader (unrarlib.c:596)
==4627==
==4627==
==4627== HEAP SUMMARY:
==4627==     in use at exit: 1,298 bytes in 4 blocks
==4627==   total heap usage: 21 allocs, 17 frees, 2,119,676 bytes allocated
==4627==
==4627== LEAK SUMMARY:
==4627==    definitely lost: 0 bytes in 0 blocks
==4627==    indirectly lost: 0 bytes in 0 blocks
==4627==      possibly lost: 0 bytes in 0 blocks
==4627==    still reachable: 1,298 bytes in 4 blocks
==4627==         suppressed: 0 bytes in 0 blocks
==4627== Rerun with --leak-check=full to see details of leaked memory
==4627==
==4627== For counts of detected and suppressed errors, rerun with: -v
==4627== ERROR SUMMARY: 128 errors from 45 contexts (suppressed: 0 from 0)
Description: This patch fixes CVE-2017-14122 CVE-2017-14122 describes a security issue about stack overread vulnerability. Author: Ying-Chun Liu (PaulLiu) <paul...@debian.org> Bug-Debian: https://bugs.debian.org/874060 Last-Update: 2017-10-14 Index: unrar-free-0.0.1+cvs20140707/src/unrarlib.c =================================================================== --- unrar-free-0.0.1+cvs20140707.orig/src/unrarlib.c +++ unrar-free-0.0.1+cvs20140707/src/unrarlib.c @@ -596,6 +596,7 @@ ReadHeader (int BlockType) { int Size = 0; unsigned char Header[64]; + memset(Header,0,sizeof(Header)); switch (BlockType) { case MAIN_HEAD:
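Review bot: the added memset(Header,0,sizeof(Header)) at the top of ReadHeader makes the 64-byte stack buffer deterministic, which is why the attached valgrind log goes quiet, but it does not add the check the log actually points at: CalcCRC32 (unrarlib.c:627) and the size and flag tests in ReadBlock (unrarlib.c:509, 514, 538-540) still consume whatever part of Header the archive did not fill. A truncated header now reaches the CRC and size logic as zeros instead of stack garbage, so the malformed archive is parsed rather than rejected. Consider also verifying, however ReadHeader fills Header from the file, that the expected number of header bytes was actually read and failing the block on a short read, so that the memset is defence in depth rather than the whole fix.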
#!/bin/sh
#
# Test CVE-2017-14122

# Write the reproducer archive. The payload is base64 inside a uuencode
# wrapper; the "-" file name makes uudecode emit the decoded bytes on
# stdout, which is redirected into the .rar file.
setUp() {
  uudecode > unrar-gpl-stack-overread.rar <<EOF
begin-base64 644 -
UmFyIRoHADAwMDAwDQAwMDAwMDAwMHQwMDA=
====
EOF
}

tearDown() {
  rm -f unrar-gpl-stack-overread.rar
}

# Listing the archive must run under valgrind with no memcheck error:
# --error-exitcode=122 makes valgrind exit 122 if it reported anything,
# and a clean run must exit 0.
testList() {
  valgrind --error-exitcode=122 --track-origins=yes unrar-free --list unrar-gpl-stack-overread.rar
  assertEquals "Status code" 0 $?
}

# Extracting the malformed archive may fail, but it must not fail with
# valgrind's own error status (122), i.e. no memcheck error may be hit.
testExtract() {
  valgrind --error-exitcode=122 --track-origins=yes unrar-free --extract unrar-gpl-stack-overread.rar
  assertNotEquals "Status code" 122 $?
}

. /usr/bin/shunit2
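The hardening the patch and the valgrind log point at, written up as an added C example that is not unrar-free's code and not Paul's patch: a block-header reader that zero-initialises its 64-byte stack buffer, as the patch does, but also refuses truncated or oversized blocks before the CRC and size fields are consumed, so a short archive is rejected instead of being parsed from zeros. The 7-byte block layout, the rule that the stored CRC is the low 16 bits of a CRC-32 over the bytes after it, the HDR_MAX of 64 and every function name are assumptions chosen for illustration, not facts about unrarlib.c.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed block layout, modelled on RAR 2.x/3.x base headers rather than
 * copied from unrarlib.c: crc16 (2) | type (1) | flags (2) | size (2),
 * followed by (size - 7) type-specific bytes. */
#define HDR_FIXED 7
#define HDR_MAX   64   /* same stack buffer size as the patched ReadHeader() */

struct block_hdr {
    uint16_t crc;
    uint8_t  type;
    uint16_t flags;
    uint16_t size;
};

enum hdr_status { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_BAD_SIZE = -2, HDR_BAD_CRC = -3 };

/* Plain reflected CRC-32 (polynomial 0xEDB88320), used only to show the
 * checksum check; no claim that unrarlib's CalcCRC32 is identical. */
uint32_t crc32_calc(const unsigned char *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint16_t le16(const unsigned char *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Read one block header from an in-memory archive slice (stands in for
 * fread() on the file). Returns HDR_OK or a negative hdr_status. */
int read_block_header(const unsigned char *buf, size_t avail, struct block_hdr *out)
{
    unsigned char header[HDR_MAX];
    memset(header, 0, sizeof header);              /* what the patch adds */

    /* What the patch does not add: never consume more than was read. */
    if (avail < HDR_FIXED)
        return HDR_TRUNCATED;
    memcpy(header, buf, HDR_FIXED);

    uint16_t size = le16(header + 5);
    if (size < HDR_FIXED || size > HDR_MAX)        /* size field drives later reads */
        return HDR_BAD_SIZE;
    if (avail < size)                               /* short archive: reject, do not parse zeros */
        return HDR_TRUNCATED;
    memcpy(header + HDR_FIXED, buf + HDR_FIXED, size - HDR_FIXED);

    /* Assumed rule: stored CRC is the low 16 bits of CRC-32 over the bytes after it. */
    uint16_t computed = (uint16_t)(crc32_calc(header + 2, (size_t)size - 2) & 0xFFFFu);
    if (le16(header) != computed)
        return HDR_BAD_CRC;

    out->crc   = le16(header);
    out->type  = header[2];
    out->flags = le16(header + 3);
    out->size  = size;
    return HDR_OK;
}

/* Build a well-formed header of the assumed layout (constructed test input;
 * caller guarantees HDR_FIXED <= size <= HDR_MAX). */
size_t make_header(unsigned char *out, uint8_t type, uint16_t flags, uint16_t size)
{
    memset(out, 0, size);
    out[2] = type;
    out[3] = (unsigned char)(flags & 0xFF);  out[4] = (unsigned char)(flags >> 8);
    out[5] = (unsigned char)(size & 0xFF);   out[6] = (unsigned char)(size >> 8);
    uint16_t crc = (uint16_t)(crc32_calc(out + 2, (size_t)size - 2) & 0xFFFFu);
    out[0] = (unsigned char)(crc & 0xFF);    out[1] = (unsigned char)(crc >> 8);
    return size;
}

int main(void)
{
    unsigned char buf[HDR_MAX];
    struct block_hdr h;
    size_t n = make_header(buf, 0x73, 0x0001, 13);
    printf("full header:    %d\n", read_block_header(buf, n, &h));   /* 0  */
    printf("5 bytes only:   %d\n", read_block_header(buf, 5, &h));   /* -1 */
    printf("10 of 13 bytes: %d\n", read_block_header(buf, 10, &h));  /* -1 */
    return 0;
}
```

The order of the checks is the point: the size field is validated against both the buffer size and the bytes actually available before anything is copied past the fixed part, and the CRC is only computed over bytes that were really read. With that in place the memset is harmless belt-and-braces; without it, a reader that skips the length check would still compute a CRC over zeros, exactly the quiet-but-wrong outcome the reviewer note above describes.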