[Pkg-libburnia-devel] Bug#774152: libisofs6: null pointer dereference

Thomas Schmitt scdbackup at gmx.net
Mon Dec 29 17:38:41 UTC 2014


Hi,

> xorriso crashes trying to read the attached ISO 9660 image:
> https://packages.debian.org/experimental/afl

How was the ISO image created? It bears the marks of xorriso
but has faulty superblock data.
Did xorriso create a bad ISO?
Did afl modify the image?

The cause of the crash is a misleading block number in
the Primary Volume Descriptor of the image.
At 2 KB block 0x132 = 306, there should be the start of
the Directory Record list of the root directory. But there
starts an obvious file name "LIMERIC.;1" at byte offset 9.
If this was the start of a directory record list, the offset
should be 34, the file name should be the single byte 0x00.

Being misled to a wrong address, libisofs reads a wrong
value of File Flags and sees a Multi-Extent bit. At this
point it should abort the attempt to load the meta data of
the ISO image. But it does not and continues with a half-
initialized object which represents the data of the root
directory.

Upstream now avoids this particular case of sigsegv by

  http://bazaar.launchpad.net/~libburnia-team/libisofs/scdbackup/revision/1181


> crash.iso.xz  Application/X-XZ 

It is a bit cumbersome for me to uncompress .xz.
Would .bz2 be possible for future bug reports?


> http://lcamtuf.coredump.cx/afl/
> (referenced by https://packages.debian.org/experimental/afl)

Can you tell me your setup for xorriso?
I will have to build it from source, as I have no current
Debian at hand. Are there any known problems to avoid?


Have a nice day :)

Thomas
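As an added illustration (not code from this report, from xorriso, or from libisofs), the following Python sketch shows the kind of sanity checks a loader can apply to the block the Primary Volume Descriptor names as the root directory before trusting its contents. It follows the ECMA-119 directory record layout (record length at byte 0, both-endian extent and size fields, File Flags at byte 25, identifier length at byte 32, identifier from byte 33). The three sample blocks are constructed: a well-formed one, one loosely modelled on the misplaced "LIMERIC.;1" name described above, and one whose root self entry carries the Multi-Extent bit. Each malformed block is rejected outright rather than yielding a half-initialized root object.

```python
import struct

# ECMA-119 directory record field offsets (0-based, within the record).
REC_LEN = 0
EXTENT_LBA = 2        # 8 bytes: uint32 LSB-first, then the same uint32 MSB-first
DATA_LEN = 10         # 8 bytes, same both-byte-order encoding
FILE_FLAGS = 25
FILE_ID_LEN = 32
FILE_ID = 33

FLAG_DIRECTORY = 0x02
FLAG_MULTI_EXTENT = 0x80


class BadIsoError(ValueError):
    """Raised when the image's structures are inconsistent and loading must stop."""


def parse_dir_record(block, offset=0):
    """Parse one directory record at `offset` in `block`, or raise BadIsoError.

    The both-byte-order fields are compared against each other: a mismatch is a
    cheap, reliable sign that `offset` does not point at a real record.
    """
    if offset + 33 > len(block):
        raise BadIsoError("record header runs past end of block")
    rec_len = block[offset + REC_LEN]
    if rec_len < 34 or offset + rec_len > len(block):
        raise BadIsoError(f"implausible record length {rec_len}")
    lba_le = struct.unpack_from("<I", block, offset + EXTENT_LBA)[0]
    lba_be = struct.unpack_from(">I", block, offset + EXTENT_LBA + 4)[0]
    if lba_le != lba_be:
        raise BadIsoError("extent location both-endian fields disagree")
    size_le = struct.unpack_from("<I", block, offset + DATA_LEN)[0]
    size_be = struct.unpack_from(">I", block, offset + DATA_LEN + 4)[0]
    if size_le != size_be:
        raise BadIsoError("data length both-endian fields disagree")
    flags = block[offset + FILE_FLAGS]
    id_len = block[offset + FILE_ID_LEN]
    if FILE_ID + id_len > rec_len:
        raise BadIsoError("file identifier length exceeds record length")
    name = bytes(block[offset + FILE_ID:offset + FILE_ID + id_len])
    return {"length": rec_len, "extent": lba_le, "size": size_le,
            "flags": flags, "name": name}


def check_root_directory_block(block):
    """Validate the first record of the block the PVD calls the root directory.

    Every directory begins with its own entry: a directory-flagged record whose
    identifier is the single byte 0x00. A Multi-Extent bit on that entry is
    meaningless and means the PVD pointed somewhere else.
    """
    rec = parse_dir_record(block, 0)
    if rec["name"] != b"\x00":
        raise BadIsoError(f"root does not start with its self entry, name={rec['name']!r}")
    if not rec["flags"] & FLAG_DIRECTORY:
        raise BadIsoError("root self entry lacks the directory flag")
    if rec["flags"] & FLAG_MULTI_EXTENT:
        raise BadIsoError("root self entry has the Multi-Extent bit set")
    return rec


def root_block_status(block):
    """Return 'ok' or 'reject: <reason>' for a candidate root directory block."""
    try:
        check_root_directory_block(block)
        return "ok"
    except BadIsoError as exc:
        return f"reject: {exc}"


def build_record(extent, size, flags, name):
    """Construct a syntactically valid directory record (test-data helper)."""
    rec = bytearray(33)
    struct.pack_into("<I", rec, EXTENT_LBA, extent)
    struct.pack_into(">I", rec, EXTENT_LBA + 4, extent)
    struct.pack_into("<I", rec, DATA_LEN, size)
    struct.pack_into(">I", rec, DATA_LEN + 4, size)
    rec[FILE_FLAGS] = flags
    rec[FILE_ID_LEN] = len(name)
    rec += name
    if len(rec) % 2:
        rec += b"\x00"      # padding byte keeps the record length even
    rec[REC_LEN] = len(rec)
    return bytes(rec)


# Constructed sample blocks (2 KB each), not taken from the reported image.
GOOD_BLOCK = (build_record(18, 2048, FLAG_DIRECTORY, b"\x00")
              + build_record(18, 2048, FLAG_DIRECTORY, b"\x01")).ljust(2048, b"\x00")

# Modelled on the report: a file name sitting at byte 9 where a record should begin.
MISPLACED_BLOCK = bytearray(2048)
MISPLACED_BLOCK[0] = 0x30                   # happens to look like a record length
MISPLACED_BLOCK[2:6] = b"\x4c\x00\x00\x00"  # makes the extent fields agree by chance
MISPLACED_BLOCK[9:19] = b"LIMERIC.;1"
MISPLACED_BLOCK[25] = FLAG_MULTI_EXTENT
MISPLACED_BLOCK = bytes(MISPLACED_BLOCK)

# Internally consistent record, but the root self entry claims Multi-Extent.
MULTI_EXTENT_BLOCK = (build_record(18, 2048, FLAG_DIRECTORY | FLAG_MULTI_EXTENT, b"\x00")
                      + build_record(18, 2048, FLAG_DIRECTORY, b"\x01")).ljust(2048, b"\x00")

if __name__ == "__main__":
    for label, blk in (("good", GOOD_BLOCK), ("misplaced", MISPLACED_BLOCK),
                       ("multi-extent", MULTI_EXTENT_BLOCK)):
        print(f"{label}: {root_block_status(blk)}")
```

The point of the ordering is that a loader fails closed: any inconsistency in the record, whether the both-endian fields disagree or the root's own entry carries a flag it cannot have, stops the load before an object is created from the bytes.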
