Package: unalz
Version: 0.65-5

unalz crashes on this file:

  $ printf 'ALZ\1' > crash.alz
  $ unalz -l crash.alz
  unalz v0.65 (2009/04/01)
  Copyright(C) 2004-2009 by kipp...@gmail.com (http://www.kipple.pe.kr)
  Segmentation fault

Valgrind says it's a null pointer dereference:

  Invalid read of size 4
     at 0x4ACE446: fread (iofread.c:37)
     by 0x10AA67: UNALZ::CUnAlz::FRead(void*, unsigned int, int*) (UnAlz.cpp:1649)
     by 0x10ACE4: UNALZ::CUnAlz::ReadAlzFileHeader() (UnAlz.cpp:381)
     by 0x10C72C: UNALZ::CUnAlz::Open(char const*) (UnAlz.cpp:309)
     by 0x109431: main (main.cpp:290)
   Address 0x0 is not stack'd, malloc'd or (recently) free'd

Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/

-- System Information:
Architecture: i386

Versions of packages unalz depends on:
ii  libbz2-1.0  1.0.6-8.1
ii  libc6       2.24-14
ii  libgcc1     1:7.1.0-13
ii  libstdc++6  7.1.0-13
ii  zlib1g      1:1.2.8.dfsg-5

-- 
Jakub Wilk
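
A regression check built from the reproducer in the report above, as an added example that is not part of the original report or of unalz: it rebuilds the 4-byte file and classifies how a listing run ends, so a fixed build can be told apart from one that still dies on a signal. The function names and the convention of passing the command under test as arguments are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the report: the command under test is passed as
# arguments (an assumption of this sketch), e.g. `check_truncated_header unalz`.

# Write the 4-byte file from the report: 'A' 'L' 'Z' 0x01 and nothing after it.
make_truncated_alz() {
    printf 'ALZ\1' > "$1"
}

# Run a command quietly and print how it ended:
# "ok", "error:<exit status>" or "signal:<signal number>".
classify_run() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -gt 128 ]; then
        echo "signal:$((status - 128))"   # shells report 128 + signal number
    else
        echo "error:$status"
    fi
}

# List the truncated archive with the given command.
# Returns 0 if the run ended without a signal, 1 if it was killed by one,
# 2 if the command is missing or no scratch directory could be made.
check_truncated_header() {
    command -v "$1" >/dev/null 2>&1 || { echo missing; return 2; }
    tmp=$(mktemp -d) || return 2
    make_truncated_alz "$tmp/crash.alz"
    result=$(classify_run "$@" -l "$tmp/crash.alz")
    rm -rf "$tmp"
    echo "$result"
    case $result in
        signal:*) return 1 ;;
    esac
    return 0
}
```

A result of signal:11 corresponds to the segmentation fault shown in the report; an error result means the tool rejected the file and exited on its own.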