Public bug reported:

Affected packages:

https://packages.ubuntu.com/xenial/liblz4-1
https://packages.ubuntu.com/bionic/liblz4-1
https://packages.ubuntu.com/cosmic/liblz4-1
https://packages.ubuntu.com/disco/liblz4-1

Non-Affected packages:

https://packages.ubuntu.com/eoan/liblz4-1

Description:

I got a SIGSEGV with lz4 when trying to read a corrupted stream.
No null ptr check of source in LZ4_decompress_generic.

Description of problem:

No null ptr check of source in LZ4_decompress_generic

(gdb) bt
#0  0x00007ffff74ede70 in LZ4_decompress_generic (source=0x0,
    dest=0x631000028800 "press.foo.bar.6057 1
349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1
349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1
349830001\ncompress.foo.bar.6062 1 349830001"..., inputSize=1253,
outputSize=65536, endOnInput=1, partialDecoding=0, targetOutputSize=0,
dict=0,
    lowPrefix=0x631000028800 "press.foo.bar.6057 1
349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1
349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1
349830001\ncompress.foo.bar.6062 1 349830001"..., dictStart=0x0,
dictSize=0) at lz4.c:1157
#1  LZ4_decompress_safe (source=0x0,
    dest=0x631000028800 "press.foo.bar.6057 1
349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1
349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1
349830001\ncompress.foo.bar.6062 1 349830001"..., compressedSize=1253,
maxDecompressedSize=65536) at lz4.c:1290
#2  0x00007ffff7560631 in LZ4F_decompress_safe (source=0x0,
    dest=0x631000028800 "press.foo.bar.6057 1
349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1
349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1
349830001\ncompress.foo.bar.6062 1 349830001"..., compressedSize=1253,
maxDecompressedSize=65536,
    dictStart=0x631000028800 "press.foo.bar.6057 1
349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1
349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1
349830001\ncompress.foo.bar.6062 1 349830001"..., dictSize=0) at
lz4frame.c:957
#3  0x00007ffff755595b in LZ4F_decompress
(decompressionContext=0x61100000ff40, dstBuffer=0x7fffe8bdd82c,
dstSizePtr=0x7ffff0cf96e0, srcBuffer=0x62d000014400,
srcSizePtr=0x7ffff0cf96c0,
    decompressOptionsPtr=0x7ffff0cf8120) at lz4frame.c:1294


Version-Release number of selected component (if applicable):

In lz4 from HEAD the bug was fixed:
https://github.com/lz4/lz4/blob/master/lib/lz4.c#L1668

** Affects: lz4 (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1851499

Title:
  lz4 SIGSEGV in LZ4_decompress_generic
