View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001391 | libextractor | plugins | public | 2008-07-21 06:08 | 2009-02-20 11:54 |
| Reporter | holin | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Summary | 0001391: segfaults from fuzzing | ||||

Description

The test cases using zzuf cause segfaults. Can be reproduced by running src/test/fuzz_default.sh or make check. Reproducible at least on amd64 and ppc64. The first observed segfault seems to come from unzipping, but other segfaults are anticipated and this report should only be closed when the test case passes.

Backtrace from the first observed segfault:

```
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fb9f86426e0 (LWP 11024)]
0x00007fb9f7f4fcfe in memcpy () from /lib/libc.so.6
(gdb) bt
#0  0x00007fb9f7f4fcfe in memcpy () from /lib/libc.so.6
#1  0x00007fb9f361a2d4 in Eread_file_func (opaque=0x7fff00656790, stream=<value optimized out>, buf=0x7fff0065647f, size=1) at ooextractor.c:1443
#2  0x00007fb9f3619abd in unzlocal_getByte (pzlib_filefunc_def=0x60db70, filestream=0x7fb9f891f000, pi=0x7fff006564b4) at ooextractor.c:254
#3  0x00007fb9f3619bc8 in unzlocal_getLong (pzlib_filefunc_def=0x7fff0065647f, filestream=0x7fb9f891f000, pX=0x7fff00656540) at ooextractor.c:315
#4  0x00007fb9f361a987 in unzOpenCurrentFile3 (file=0x60db70, method=0x0, level=0x0, raw=0) at ooextractor.c:1140
#5  0x00007fb9f361b741 in libextractor_oo_extract (filename=<value optimized out>, data=<value optimized out>, size=<value optimized out>, prev=0x0) at ooextractor.c:1381
#6  0x00007fb9f8238203 in getKeywords (extractor=0x61c640, filename=0x7fff00658958 "extractortmp.T10811", data=0x7fb9f851f000 "PK\003\004\024", size=3274) at extractor.c:1261
#7  0x00007fb9f823877e in EXTRACTOR_getKeywords (extractor=0x61d1e0, filename=0x7fff00658958 "extractortmp.T10811") at extractor.c:1328
```

The file that caused this is attached as extractortmp.T10811.

Tags: No tags attached.
Attached Files: extractortmp.T10811
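The backtrace above ends in memcpy inside the read callback that the unzip routines compiled into ooextractor.c call on the in-memory file. As an added example, not libextractor's code and not the fix committed in 7504, here is a read callback of that shape that clamps every read to the bytes left in the buffer, plus a getLong-style helper that reports truncation instead of overrunning; the callback signature is assumed to mirror zlib's minizip ioapi, and the five-byte input is constructed from the bytes gdb printed.

```c
#include <stddef.h>
#include <string.h>

/* Callback shape assumed to mirror zlib's contrib/minizip/ioapi.h read_file_func. */
typedef struct {            /* whole input is in memory; invariant 0 <= pos <= size */
    const unsigned char *data;
    size_t size, pos;
} mem_stream;

/* Clamp to the bytes remaining: a short read tells the unzip layer the
 * archive is truncated instead of letting memcpy run off the buffer. */
unsigned long mem_read(void *opaque, void *stream, void *buf, unsigned long want)
{
    mem_stream *s = (mem_stream *)stream;
    size_t left = s->size - s->pos;
    (void)opaque;
    if (want > left)
        want = (unsigned long)left;
    memcpy(buf, s->data + s->pos, want);
    s->pos += want;
    return want;
}

/* Same job as unzlocal_getLong: four little-endian bytes; -1 if input ran out. */
int mem_get_le32(mem_stream *s, unsigned long *out)
{
    unsigned char b[4];
    if (mem_read(NULL, s, b, 4) != 4)
        return -1;
    *out = (unsigned long)b[0] | ((unsigned long)b[1] << 8) |
           ((unsigned long)b[2] << 16) | ((unsigned long)b[3] << 24);
    return 0;
}

/* Constructed sample: the five bytes gdb printed at the start of the fuzzed
 * file, used as a deliberately truncated archive. Returns 1 if all checks held. */
int demo_truncated_header(void)
{
    static const unsigned char sample[] = { 'P', 'K', 3, 4, 0x14 };
    mem_stream s = { sample, sizeof sample, 0 };
    unsigned char tail[4];
    unsigned long sig = 0;
    if (mem_get_le32(&s, &sig) != 0 || sig != 0x04034b50UL) return 0; /* "PK\3\4" */
    if (mem_get_le32(&s, &sig) != -1) return 0;           /* 1 byte left: short read */
    if (mem_read(NULL, &s, tail, 4) != 0) return 0;       /* at end: nothing copied */
    return s.pos == sizeof sample;                        /* never advanced past end */
}
```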
Notes

(0003603) Christian Grothoff, 2008-07-21 16:24
The original bug was fixed in 7504. "make check" now hangs for me (see 0001393).

(0003605) Christian Grothoff, 2008-07-22 03:10
Fixed another issue (hopefully) in the RPM extractor by "upgrading" to librpm (which, when I looked at the code, had a complex fix for the particular issue that was causing the crash).

(0003606) Christian Grothoff, 2008-07-22 03:20
Fixed another segv in tiff.

(0003607) Christian Grothoff, 2008-07-22 03:44
On my system, "make check" now passes without error (except for 0001394, which is unrelated to fuzzing).

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2008-07-21 06:08 | holin | New Issue | |
| 2008-07-21 06:08 | holin | File Added: extractortmp.T10811 | |
| 2008-07-21 16:24 | Christian Grothoff | Note Added: 0003603 | |
| 2008-07-22 03:10 | Christian Grothoff | Note Added: 0003605 | |
| 2008-07-22 03:20 | Christian Grothoff | Note Added: 0003606 | |
| 2008-07-22 03:21 | Christian Grothoff | Status | new => assigned |
| 2008-07-22 03:21 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2008-07-22 03:44 | Christian Grothoff | Status | assigned => resolved |
| 2008-07-22 03:44 | Christian Grothoff | Resolution | open => fixed |
| 2008-07-22 03:44 | Christian Grothoff | Note Added: 0003607 | |
| 2009-02-20 11:54 | Christian Grothoff | Status | resolved => closed |