You have been subscribed to a public bug:
Hi, I'm testing some widely used software with my fuzzer and I found this bug
in dmg2img.
I can't figure out how to contact the author (http://vu1tur.eu.org/dmg2img) and
the GitHub repo seems to be a fork (https://github.com/Lekensteyn/dmg2img).
The bug is present in the version of dmg2img distributed with Ubuntu
18.04 (the latest).
In the dmg2img.c file look at this snippet of code:
char *_blkx_begin = strstr(plist, blkx_begin);
blkx_size = strstr(_blkx_begin, list_end) - _blkx_begin;
blkx = (char *)malloc(blkx_size + 1);
memcpy(blkx, _blkx_begin, blkx_size);
blkx[blkx_size] = '\0';
This leads to a null ptr deref at line 2 when the strstr at line 1 fails.
I attach a testcase that triggers the bug.
I hope I was helpful,
Goodbye.
** Affects: dmg2img (Ubuntu)
Importance: Undecided
Status: New
** Tags: dmg2img
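
A hardened form of the snippet in the report, as an added example that is not part of the original report or of dmg2img's own code: both strstr results are checked before the pointer subtraction and the copy. The helper name extract_section, the marker strings and the sample inputs are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns a newly allocated, NUL-terminated copy of the text from the first
 * `begin` marker up to (not including) the next `end` marker, or NULL when
 * either marker is missing or malloc fails. Hypothetical helper name. */
static char *extract_section(const char *plist, const char *begin,
                             const char *end)
{
    const char *start = strstr(plist, begin);
    if (start == NULL)              /* the case the report triggers */
        return NULL;

    const char *stop = strstr(start, end);
    if (stop == NULL)               /* no end marker: the size would be bogus */
        return NULL;

    size_t len = (size_t)(stop - start);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, start, len);
    copy[len] = '\0';
    return copy;
}

/* Constructed markers and sample inputs (assumptions, not taken from dmg2img). */
static const char BEGIN_MARK[] = "<key>blkx</key>";
static const char END_MARK[]   = "</array>";
static const char GOOD[]     = "<dict><key>blkx</key><array><dict/></array></dict>";
static const char NO_BEGIN[] = "<dict><key>plst</key><array></array></dict>";
static const char NO_END[]   = "<dict><key>blkx</key><array><dict/>";

int main(void)
{
    const char *inputs[] = { GOOD, NO_BEGIN, NO_END };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char *blkx = extract_section(inputs[i], BEGIN_MARK, END_MARK);
        if (blkx == NULL) {
            fprintf(stderr, "input %zu: malformed plist, marker missing\n", i);
            continue;
        }
        printf("input %zu: %s\n", i, blkx);
        free(blkx);
    }
    return 0;
}
```

The second check matters as much as the first: with the begin marker present but the end marker missing, the original subtraction would operate on a NULL pointer and yield a meaningless size for malloc and memcpy.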
--
dmg2img null pointer deref
https://bugs.launchpad.net/bugs/1835461