Public bug reported:
Hi, I'm testing some Ubuntu packages with my fuzzer and I found this bug in
dmg2img.
I can't figure out how to contact the author (http://vu1tur.eu.org/dmg2img) and
the GitHub repo
seems to be a fork (https://github.com/Lekensteyn/dmg2img).
The bug is present in the version of dmg2img distributed with Ubuntu
18.04 (the latest).
In the dmg2img.c file look at this snippet of code:
    char *_blkx_begin = strstr(plist, blkx_begin);
    blkx_size = strstr(_blkx_begin, list_end) - _blkx_begin;
    blkx = (char *)malloc(blkx_size + 1);
    memcpy(blkx, _blkx_begin, blkx_size);
    blkx[blkx_size] = '\0';
This leads to a null ptr deref at line 2 when the strstr at line 1 fails.
I attach a testcase that triggers the bug.
I hope I was helpful,
Goodbye.
** Affects: dmg2img (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "id:000000,sig:11,src:000000,op:getdeps,pos:0"
https://bugs.launchpad.net/bugs/1835462/+attachment/5275120/+files/id%3A000000%2Csig%3A11%2Csrc%3A000000%2Cop%3Agetdeps%2Cpos%3A0
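The pattern from the report with the missing checks added, as an example written for this page and not taken from dmg2img or from the reporter. The helper name `extract_section`, the marker strings and the sample inputs are assumptions made for illustration; it also checks the second `strstr` and the `malloc` result, which goes beyond the single case the report describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not dmg2img code: copy the text from begin_tag up to
 * the next end_tag. Returns a heap copy, or NULL when a marker is missing. */
char *extract_section(const char *plist, const char *begin_tag,
                      const char *end_tag)
{
    const char *start = strstr(plist, begin_tag);
    if (start == NULL)      /* the case in the report: first strstr fails */
        return NULL;

    const char *end = strstr(start, end_tag);
    if (end == NULL)        /* NULL - start would give a meaningless size */
        return NULL;

    size_t size = (size_t)(end - start);
    char *out = malloc(size + 1);
    if (out == NULL)
        return NULL;

    memcpy(out, start, size);
    out[size] = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs and marker strings, for illustration only. */
    const char *inputs[] = {
        "<dict><key>blkx</key><array>DATA</array></dict>", /* well formed */
        "<dict><array>DATA</array></dict>",                /* no begin marker */
        "<dict><key>blkx</key><array>DATA",                /* no end marker */
    };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char *blkx = extract_section(inputs[i], "<key>blkx</key>", "</array>");
        if (blkx == NULL) {
            fprintf(stderr, "input %zu: malformed plist, rejecting\n", i);
            continue;
        }
        printf("input %zu: blkx section = %s\n", i, blkx);
        free(blkx);
    }
    return 0;
}
```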
--
https://bugs.launchpad.net/bugs/1835462
Title:
null pointer deref in main()