[Pkg-libburnia-devel] Bug#774152: libisofs6: null pointer dereference

Thomas Schmitt scdbackup at gmx.net
Mon Dec 29 17:38:41 UTC 2014


> xorriso crashes trying to read the attached ISO 9660 image:
> https://packages.debian.org/experimental/afl

How was the ISO image created? It bears the marks of xorriso
but has faulty superblock data.
Did xorriso create a bad ISO?
Did afl modify the image?

The cause of the crash is a misleading block number in
the Primary Volume Descriptor of the image.
At 2 KB block 0x132 = 306, there should be the start of
the Directory Record list of the root directory. But there
starts an obvious file name "LIMERIC.;1" at byte offset 9.
If this was the start of a directory record list, the offset
should be 34, the file name should be the single byte 0x00.

Being misled to a wrong address, libisofs reads a wrong
value of File Flags and sees a Multi-Extent bit. At this
point it should abort the attempt to load the meta data of
the ISO image. But it does not and continues with a half
initialized object which represents the data of the root

Upstream now avoids this particular case of sigsegv by


> crash.iso.xz  Application/X-XZ 

It is a bit cumbersome for me to uncompress .xz.
Would .bz2 be possible for future bug reports?

> http://lcamtuf.coredump.cx/afl/
> (referenced by https://packages.debian.org/experimental/afl)

Can you tell me your setup for xorriso?
I will have to build it from source, as I have no current
Debian at hand. Are there any known problems to avoid?

Have a nice day :)


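The message above describes the check that was missing: the block named in the Primary Volume Descriptor must begin with the root directory's own "." record (34 bytes long, File Flags with the Directory bit, a one-byte identifier of 0x00), and a Multi-Extent bit in that record means the image must be rejected rather than loaded half-initialised. The following is an added example, not libisofs or xorriso code: it builds a tiny constructed image in memory (block numbers 18 and 19 are made up, as is the file name), then validates the PVD's root directory pointer before anything follows it. Offsets are those of ECMA-119 (root record at PVD bytes 156-189; File Flags at byte 25 of a directory record).

```python
"""Validate the root directory record an ISO 9660 PVD points at.

Constructed example for the libisofs bug thread (not project code).
A correct in-memory image and a copy whose PVD is redirected to a block
holding a plain file record are checked with the same function.
"""
import struct

BLOCK = 2048                 # ISO 9660 logical block size used here
PVD_LBA = 16                 # first volume descriptor lives at block 16
FLAG_DIRECTORY = 0x02        # File Flags bit 1
FLAG_MULTI_EXTENT = 0x80     # File Flags bit 7


def both_endian32(value):
    """ECMA-119 7.3.3: little-endian copy followed by big-endian copy."""
    return struct.pack("<I", value) + struct.pack(">I", value)


def dir_record(extent_lba, data_len, flags, ident):
    """Build one directory record (ECMA-119 9.1); length padded to even."""
    length = 33 + len(ident)
    length += length % 2
    rec = bytearray(length)
    rec[0] = length
    rec[2:10] = both_endian32(extent_lba)
    rec[10:18] = both_endian32(data_len)
    rec[25] = flags
    rec[28:32] = struct.pack("<H", 1) + struct.pack(">H", 1)  # volume seq. no.
    rec[32] = len(ident)
    rec[33:33 + len(ident)] = ident
    return bytes(rec)


def build_image(root_lba_in_pvd, root_lba_real=18, bogus_lba=19):
    """Constructed 20-block image: PVD at 16, terminator at 17, the real
    root directory at 18, and a block at 19 holding only a file record.
    root_lba_in_pvd is what the PVD claims the root directory block is."""
    blocks = bytearray(BLOCK * 20)
    pvd = bytearray(BLOCK)
    pvd[0] = 1                               # type 1 = Primary Volume Descriptor
    pvd[1:6] = b"CD001"
    pvd[6] = 1                               # descriptor version
    pvd[156:190] = dir_record(root_lba_in_pvd, BLOCK, FLAG_DIRECTORY, b"\x00")
    blocks[PVD_LBA * BLOCK:(PVD_LBA + 1) * BLOCK] = pvd
    term = bytearray(BLOCK)
    term[0] = 255                            # Volume Descriptor Set Terminator
    term[1:6] = b"CD001"
    blocks[17 * BLOCK:18 * BLOCK] = term
    # Real root directory: "." and ".." records (identifiers 0x00 and 0x01).
    root = dir_record(root_lba_real, BLOCK, FLAG_DIRECTORY, b"\x00")
    root += dir_record(root_lba_real, BLOCK, FLAG_DIRECTORY, b"\x01")
    blocks[root_lba_real * BLOCK:root_lba_real * BLOCK + len(root)] = root
    # Bogus block: an ordinary file record with the Multi-Extent bit set
    # (made-up name, mirroring the kind of record the thread describes).
    bogus = dir_record(bogus_lba + 1, 1234, FLAG_MULTI_EXTENT, b"LIMERIC.;1")
    blocks[bogus_lba * BLOCK:bogus_lba * BLOCK + len(bogus)] = bogus
    return bytes(blocks)


def check_root_directory(image):
    """Return a list of problems with the PVD's root directory pointer.
    An empty list means the root directory record looks sane to load."""
    problems = []
    nblocks = len(image) // BLOCK
    if nblocks <= PVD_LBA:
        return ["image too short to hold a PVD at block 16"]
    pvd = image[PVD_LBA * BLOCK:(PVD_LBA + 1) * BLOCK]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        return ["no Primary Volume Descriptor at block 16"]
    root = pvd[156:190]
    if root[0] != 34:
        problems.append("PVD root record length is %d, expected 34" % root[0])
    lba_le = struct.unpack_from("<I", root, 2)[0]
    lba_be = struct.unpack_from(">I", root, 6)[0]
    if lba_le != lba_be:
        problems.append("PVD root extent LBA: little/big-endian copies differ")
    if not root[25] & FLAG_DIRECTORY:
        problems.append("PVD root record lacks the Directory flag")
    if lba_le >= nblocks:
        problems.append("PVD root extent block %d lies outside the image" % lba_le)
        return problems
    first = image[lba_le * BLOCK:lba_le * BLOCK + 34]
    if first[0] != 34 or first[32] != 1 or first[33] != 0:
        problems.append("block %d does not start with the root '.' record "
                        "(length 34, identifier 0x00)" % lba_le)
    if not first[25] & FLAG_DIRECTORY:
        problems.append("first record at block %d is not a directory" % lba_le)
    if first[25] & FLAG_MULTI_EXTENT:
        problems.append("first record at block %d has the Multi-Extent bit set; "
                        "refuse to load the image" % lba_le)
    return problems


if __name__ == "__main__":
    good = build_image(root_lba_in_pvd=18)
    bad = build_image(root_lba_in_pvd=19)   # PVD misdirects to the file record
    print("good image:", check_root_directory(good) or "ok")
    print("bad image:", *check_root_directory(bad), sep="\n  ")
```

The validator returns every finding instead of stopping at the first, so a fuzzed image that misdirects the root pointer is reported with the wrong record length, the missing Directory flag and the stray Multi-Extent bit together; a loader would treat any non-empty result as a reason to abort before constructing its root object.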