View Issue Details

ID: 0000454
Project: file
Category: general
View Status: public
Last Update: 2015-06-03 18:01
Reporter: Felix Bolte
Assigned To: Christos Zoulas
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: x86_64 GNU/Linux
OS: Ubuntu
OS Version: 12.04.5 LTS
Product Version: 5.09
Target Version:
Fixed in Version: 5.23
Summary: 0000454: SIGABRT (134) when using crafted magic file
Description: after some fuzzing with afl, a crash came up when using the attached file as magic (-m) ... the problem occurs also in head v5.22:

felix@between:~$ file -m /tmp/broken_magic /etc/services
/tmp/broken_magic, 1: Warning: offset `ELF' invalid
/tmp/broken_magic, 1: Warning: type `ELF' invalid
file: No current entry for continuation
*** glibc detected *** file: double free or corruption (out): 0x0000000000ab4cc0 ***
file: malloc.c:2451: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted
Steps To Reproduce: file -m broken_magic /etc/services
Tags: No tags attached.

Relationships

Activities

Felix Bolte

2015-06-03 14:00

reporter  

broken_magic (37 bytes)
ELF
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
CVS Commit

2015-06-03 18:01

developer   ~0000983


Module Name: file
Committed By: christos
Date: Wed Jun 3 18:01:20 UTC 2015

Modified Files:
    file/src: funcs.c

Log Message:
PR/454: Fix memory corruption when the continuation level jumps by more than
20 in a single step.


Christos Zoulas

2015-06-03 18:01

manager   ~0000984

Fixed, thanks!
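
An added illustration (not the code from funcs.c or from the commit above) of the bug class the log message describes: an array indexed by continuation level that grows by a fixed step is still too small when the level jumps further than that step, so the following write lands out of bounds. `level_table`, `GROW_STEP`, the 10-entry starting size and the 32-deep constructed line are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GROW_STEP 20                            /* assumed fixed growth increment */
struct level_table { int *slot; size_t len; };  /* hypothetical per-level state array */
/* Flawed policy: add a fixed step, ignoring how far the level jumped. */
static size_t grow_fixed_step(size_t len, size_t level) { (void)level; return len + GROW_STEP; }
/* Hardened policy: size the array from the level actually requested. */
static size_t grow_to_level(size_t len, size_t level) { (void)len; return level + GROW_STEP; }
/* Continuation level = number of leading '>' characters on a magic line. */
static size_t continuation_level(const char *line) { return strspn(line, ">"); }

/* Grow the table for the line's level, then store only if the index is in range; 0 = ok, -1 = refused. */
static int record_level(struct level_table *t, const char *line,
                        size_t (*policy)(size_t, size_t))
{
    size_t level = continuation_level(line);
    if (level >= t->len) {
        size_t newlen = policy(t->len, level);
        if (newlen > SIZE_MAX / sizeof(*t->slot)) return -1;   /* size overflow */
        int *p = realloc(t->slot, newlen * sizeof(*p));
        if (p == NULL) return -1;
        memset(p + t->len, 0, (newlen - t->len) * sizeof(*p));
        t->slot = p; t->len = newlen;
    }
    if (level >= t->len) return -1;   /* explicit bounds check before the write */
    t->slot[level] = 1;
    return 0;
}

/* Apply one policy to a constructed line of `depth` '>' characters, starting from 10 entries. */
static int try_policy(size_t depth, size_t (*policy)(size_t, size_t))
{
    struct level_table t = { calloc(10, sizeof(int)), 10 };
    char line[128] = {0};
    if (t.slot == NULL || depth >= sizeof(line)) { free(t.slot); return -1; }
    memset(line, '>', depth);
    int rc = record_level(&t, line, policy);
    free(t.slot);
    return rc;
}

int main(void)
{
    printf("fixed: %d  by-level: %d\n", try_policy(32, grow_fixed_step), try_policy(32, grow_to_level));
    return 0;
}
```

Without the bounds check in `record_level`, the fixed-step policy would write to index 32 of a 30-entry allocation, which is the kind of heap corruption the glibc abort in the report reflects.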

Issue History

Date Modified Username Field Change
2015-06-03 14:00 Felix Bolte New Issue
2015-06-03 14:00 Felix Bolte File Added: broken_magic
2015-06-03 18:00 Christos Zoulas Assigned To => Christos Zoulas
2015-06-03 18:00 Christos Zoulas Status new => assigned
2015-06-03 18:01 CVS Commit
2015-06-03 18:01 CVS Commit Note Added: 0000983
2015-06-03 18:01 CVS Commit Status assigned => confirmed
2015-06-03 18:01 CVS Commit Resolution open => fixed
2015-06-03 18:01 Christos Zoulas Note Added: 0000984
2015-06-03 18:01 Christos Zoulas Status confirmed => resolved
2015-06-03 18:01 Christos Zoulas Fixed in Version => 5.23