View Issue Details

ID: 0000550
Project: file
Category: general
View Status: public
Last Update: 2016-06-01 22:04
Reporter: F. Alonso
Assigned To: Christos Zoulas
Priority: normal
Severity: crash
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform: x86_64
OS: linux
OS Version: Fedora
Product Version: 5.27
Target Version:
Fixed in Version: 5.28
Summary: 0000550: file 5.27 der.c:146
Description:
==24401==ERROR: AddressSanitizer: SEGV on unknown address 0x7f16322de6be (pc 0x7f1572498a40 bp 0x7f1567f846d0 sp 0x7ffce3a8e900 T0)
    #0 0x7f1572498a3f in gettag /home/revskills/libFuzzer/file-5.27/src/der.c:146
    #1 0x7f1572498ef9 in der_cmp /home/revskills/libFuzzer/file-5.27/src/der.c:260
    #2 0x7f15724841b6 in magiccheck /home/revskills/libFuzzer/file-5.27/src/softmagic.c:2124
    #3 0x7f157248a972 in match /home/revskills/libFuzzer/file-5.27/src/softmagic.c:311
    #4 0x7f15724864c6 in file_softmagic /home/revskills/libFuzzer/file-5.27/src/softmagic.c:107
    #5 0x7f157249715b in file_buffer /home/revskills/libFuzzer/file-5.27/src/funcs.c:254
    #6 0x7f15724771fa in file_or_fd /home/revskills/libFuzzer/file-5.27/src/magic.c:521
    #7 0x7f1572477807 in magic_file /home/revskills/libFuzzer/file-5.27/src/magic.c:399
    #8 0x401f8c in process /home/revskills/libFuzzer/file-5.27/src/file.c:513
    #9 0x40338a in main /home/revskills/libFuzzer/file-5.27/src/file.c:383
    #10 0x7f1571eaf57f in __libc_start_main (/lib64/libc.so.6+0x2057f)
    #11 0x401618 in _start (/usr/local/bin/file+0x401618)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/revskills/libFuzzer/file-5.27/src/der.c:146 gettag
==24401==ABORTING
Steps To Reproduce: file ac8dc813f7cf8190bfd94e3c8659f892


Tags: No tags attached.

Relationships

Activities

F. Alonso

2016-05-28 15:15

reporter  

CVS Commit

2016-06-01 22:01

developer   ~0001321


Module Name: file
Committed By: christos
Date: Wed Jun 1 22:01:15 UTC 2016

Modified Files:
    file/src: der.c softmagic.c

Log Message:
PR/550: Segv on DER parsing:
- use the correct variable for length
- set offset to 0 on failure.


Christos Zoulas

2016-06-01 22:01

manager   ~0001322

Thanks!

CVS Commit

2016-06-01 22:04

developer   ~0001325


Module Name: file
Committed By: christos
Date: Wed Jun 1 22:04:10 UTC 2016

Modified Files:
    file/src: softmagic.c

Log Message:
PR/555: Avoid overflow for offset > nbytes (programming error caused
by PR/550).
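
The two log messages above concern a length mix-up and an offset larger than the buffer during DER header parsing. The following is an added example, not the file project's der.c or its actual patch: a DER tag-and-length reader in C that checks the offset against the buffer size before any subtraction. The names `struct tlv` and `der_header` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result type for this example (not taken from file's der.c). */
struct tlv { uint32_t tag; size_t len; size_t hdr; };

/* Parse one DER tag+length header at buf[off] without reading past nbytes.
 * Returns 0 on success, -1 on a truncated or malformed header. */
int der_header(const uint8_t *buf, size_t nbytes, size_t off, struct tlv *out)
{
    size_t p = off;
    /* Guard first: with off > nbytes, nbytes - off wraps to a huge size_t. */
    if (buf == NULL || out == NULL || off >= nbytes)
        return -1;
    uint32_t tag = buf[p++] & 0x1f;
    if (tag == 0x1f) {                  /* high-tag-number form */
        uint8_t c;
        tag = 0;
        do {
            if (p >= nbytes || tag > (UINT32_MAX >> 7))
                return -1;
            c = buf[p++];
            tag = (tag << 7) | (c & 0x7f);
        } while (c & 0x80);
    }
    if (p >= nbytes)
        return -1;
    size_t len = buf[p++];
    if (len & 0x80) {                   /* long form: low 7 bits = byte count */
        size_t n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > nbytes - p)
            return -1;                  /* n == 0 is indefinite form, not DER */
        for (len = 0; n > 0; n--)
            len = (len << 8) | buf[p++];
    }
    if (len > nbytes - p)               /* content must fit; p <= nbytes here */
        return -1;
    out->tag = tag;
    out->len = len;
    out->hdr = p - off;
    return 0;
}

int main(void)
{
    const uint8_t sample[] = {0x30, 0x03, 0x02, 0x01, 0x05}; /* constructed */
    struct tlv t;
    return der_header(sample, sizeof sample, 0, &t) != 0;
}
```

Every subtraction `nbytes - p` happens only after `p <= nbytes` has been established, so a declared length taken from the input can never move the read position outside the buffer.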


Issue History

Date Modified Username Field Change
2016-05-28 15:15 F. Alonso New Issue
2016-05-28 15:15 F. Alonso File Added: ac8dc813f7cf8190bfd94e3c8659f892
2016-06-01 22:01 Christos Zoulas Assigned To => Christos Zoulas
2016-06-01 22:01 Christos Zoulas Status new => assigned
2016-06-01 22:01 CVS Commit
2016-06-01 22:01 CVS Commit Note Added: 0001321
2016-06-01 22:01 CVS Commit Status assigned => confirmed
2016-06-01 22:01 CVS Commit Resolution open => fixed
2016-06-01 22:01 Christos Zoulas Note Added: 0001322
2016-06-01 22:01 Christos Zoulas Status confirmed => resolved
2016-06-01 22:01 Christos Zoulas Fixed in Version => 5.28
2016-06-01 22:04 CVS Commit
2016-06-01 22:04 CVS Commit Note Added: 0001325
2016-06-01 22:04 CVS Commit Status resolved => confirmed
2016-06-01 22:04 Christos Zoulas Status confirmed => resolved