View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005405 | libextractor | extract | public | 2018-07-20 08:47 | 2018-11-18 11:24 |
| Reporter | Jin | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.7 | ||||
| Target Version | 1.8 | Fixed in Version | 1.8 | ||
| Summary | 0005405: Out of Bound Read in zip_extractor.c | ||||
| Description | Description: Function EXTRACTOR_zip_extract_method() in zip_extractor.c contains an out of bound read problem. Detail: in file zip_extractor.c: 37 EXTRACTOR_zip_extract_method (struct EXTRACTOR_ExtractContext *ec) 38 { 39 struct EXTRACTOR_UnzipFile *uf; 40 struct EXTRACTOR_UnzipFileInfo fi; 41 char fname[256]; 42 char fcomment[256]; // fcomment is 256 bytes ... 110 if ( (0 != strlen (fcomment)) && ... while parsing an malformed file, function ec_read_file_func() (unzip.c ) will called and copy 256 bytes content into fcomment, if fcomment[255] is not '/0', strlen (fcomment) (line 110 in zip_extractor.c) will lead out of bound read. CREDIT: ADLab of Venustech | ||||
| Steps To Reproduce | root@root# extract 7.16/crash-b7e795730cd3a204501c1c4bd79dec7468f9e6e1 Keywords for file 7.16/crash-b7e795730cd3a204501c1c4bd79dec7468f9e6e1: mimetype - application/zip embedded filename - [Content_Types].xml embedded filename - _rels/.rels embedded filename - ppt/slides/_rels/slide1.xml.rels embedded filename - ppt/_rels/presentation.xml.rels embedded filename - ppt/presentation.xml embedded filename - ppt/slides/slide1.xml embedded filename - ppt/slideLayouts/_rels/slideLayout7.xml.rels embedded filename - ppt/slideLayouts/_rels/slideLayout8.xml.rels embedded filename - ppt/slideLayouts/_rels/slideLayout10.xml.rels embedded filename - ppt/slideLayouts/_rels/slideLayout11.xml.rels embedded filename - ppt/slideLayouts/_rels/slideLayout9.xml.rels embedded filename - ppt/slideLayouts/_rels/slideLayout1.xml.rels embedded filename - ppt/slideLayouts/_rels/slideLayout2.xml.rels embedded filename - ppt/slideLayouts/_rels/slideLayout3.xml.rels embedded filename - ppt/slideLayouts/_rels/slideLayout4.xml.rels embedded filename - ppt/slideLayouts/_rels/slideLayout5.xml.rels comment - 將?-Z谪籝琐}K硽滕咻齶V秈唠玤麝_頴l窏髿琬!B:羟F?龒戬綦'勎癊拷せ鈯Y????秫渇?叉f=?螓澯韎℃竸*?~埅s1憬疑?裣鏝Q鼮S蹂黝宮?帿甮uA?Vn榧莋I`ngR^堓鰙H6傶?N?毮踬x硈;趴?譳簸嶣:2橽缸咤>_?KC鍠箞?Uz∵?乪℡嶼纥?梷横瘌瓿 | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-07-20 08:47 | Jin | New Issue | |
| 2018-07-20 08:47 | Jin | File Added: crash-b7e795730cd3a204501c1c4bd79dec7468f9e6e1 | |
| 2018-08-05 22:38 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2018-08-05 22:38 | Christian Grothoff | Status | new => assigned |
| 2018-08-05 22:38 | Christian Grothoff | Status | assigned => confirmed |
| 2018-08-05 22:38 | Christian Grothoff | Note Added: 0013177 | |
| 2018-08-05 22:38 | Christian Grothoff | Status | confirmed => resolved |
| 2018-08-05 22:38 | Christian Grothoff | Resolution | open => fixed |
| 2018-08-05 22:38 | Christian Grothoff | Fixed in Version | => 1.8 |
| 2018-08-05 22:39 | Christian Grothoff | Target Version | => 1.8 |
| 2018-08-05 22:39 | Christian Grothoff | Steps to Reproduce Updated | |
| 2018-11-18 11:24 | Christian Grothoff | Status | resolved => closed |
