** Changed in: tar (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tar in Ubuntu. https://bugs.launchpad.net/bugs/1810241
Title: NULL dereference when decompressing specially crafted archives Status in tar package in Ubuntu: Triaged Bug description: Hi, Fuzzing tar with checksums disabled reveals a NULL pointer dereference when parsing certain archives that have malformed extended headers. This affects tar from (at least) Trusty, Bionic and Cosmic. I haven't tested Xenial's version. A test case with fixed checksums is attached. To avoid breaking anything that looks inside tar archives, I have converted it to text with xxd. To reproduce: $ xxd -r gnutar-crash.tar.txt gnutar-crash.tar $ tar Oxf gnutar-crash.tar tar: Ignoring unknown extended header keyword 'GNU.sparse.minTr' tar: Malformed extended header: missing length Segmentation fault (core dumped) I have also attached a patch against the latest upstream git and against 1.30 (in Cosmic). This fixes the issue by detecting the null result before it is dereferenced. Regards, Daniel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
