[Pkg-libburnia-devel] Bug#872372: libisofs6: null pointer dereference

Jakub Wilk jwilk at jwilk.net
Wed Aug 16 18:20:43 UTC 2017


Package: libisofs6
Version: 1.4.6-1

xorriso crashes on the attached ISO image:

   $ xorriso -signal_handling off -indev nullptr.iso -ls
   xorriso 1.4.6 : RockRidge filesystem manipulator, libburnia project.

   libisoburn: WARNING : ISO image size 808464432s larger than readable size 20s
   xorriso : NOTE : Loading ISO image tree from LBA 0
   Segmentation fault

GDB says it's a null pointer dereference in libisofs:

   Program received signal SIGSEGV, Segmentation fault.
   iso_file_source_get_aa_string (src=0x0, aa_string=0xffffd298, flag=2) at libisofs/fsource.c:129
   129         if (src->class->version < 1) {
   (gdb) print src
   $1 = (IsoFileSource *) 0x0
   (gdb) bt
   #0  iso_file_source_get_aa_string (src=0x0, aa_string=0xffffd298, flag=2) at libisofs/fsource.c:129
   #1  0xf7d3798c in iso_image_import (image=0x5656e8e0, src=0x56559cc0, opts=0x56559c88, features=0xffffd3d4) at libisofs/fs_image.c:5743
   #2  0xf7dba4e7 in isoburn_read_image (d=0xf7ca31a0 <drive_array>, read_opts=0x56559b98, image=0xffffd47c) at libisoburn/isofs_wrap.c:316
   #3  0xf7e1b707 in Xorriso_aquire_drive (xorriso=0xf7656008, adr=<optimized out>, show_adr=<optimized out>, flag=1) at xorriso/drive_mgt.c:565
   #4  0xf7dfd9a9 in Xorriso_option_dev (xorriso=0xf7656008, in_adr=<optimized out>, flag=1) at xorriso/opts_d_h.c:122
   #5  0xf7def925 in Xorriso_interpreter (xorriso=<optimized out>, argc=<optimized out>, argv=<optimized out>, idx=<optimized out>, flag=<optimized out>) at xorriso/parse_exec.c:1389
   #6  0x56555ba7 in main ()


Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/


-- System Information:
Architecture: i386

Versions of packages libisofs6:i386 depends on:
ii  libacl1  2.2.52-3+b1
ii  libc6    2.24-14
ii  libjte1  1.20-2+b1
ii  zlib1g   1:1.2.8.dfsg-5

-- 
Jakub Wilk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nullptr.iso.gz
Type: application/gzip
Size: 184 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-libburnia-devel/attachments/20170816/d50c245e/attachment.bin>
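
Added example, not part of the original report and not libisofs or libisoburn code: a pre-check that flags the condition libisoburn warns about in the log above (declared volume size larger than what is readable) before an untrusted image is handed to a parser. `pvd_check`, `pvd_status` and the sample buffer are hypothetical names; the check assumes 2048-byte sectors and reads only the ISO 9660 Primary Volume Descriptor.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECTOR  2048u  /* assumption: 2048-byte logical blocks */
#define PVD_LBA 16u    /* Primary Volume Descriptor sits at sector 16 */

enum pvd_status { PVD_OK, PVD_TRUNCATED, PVD_BAD_MAGIC,
                  PVD_ENDIAN_MISMATCH, PVD_SIZE_EXCEEDS_MEDIUM };

static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint32_t rd_be32(const unsigned char *p) {
    return (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}
/* Hypothetical pre-check: validate the descriptor against the bytes actually present. */
enum pvd_status pvd_check(const unsigned char *img, size_t len, uint32_t *declared)
{
    const unsigned char *pvd;
    if (img == NULL || declared == NULL || len < (size_t)(PVD_LBA + 1) * SECTOR)
        return PVD_TRUNCATED;
    pvd = img + (size_t)PVD_LBA * SECTOR;
    if (pvd[0] != 1 || memcmp(pvd + 1, "CD001", 5) != 0)
        return PVD_BAD_MAGIC;
    /* Volume Space Size: bytes 80..83 little-endian, 84..87 big-endian copy. */
    *declared = rd_le32(pvd + 80);
    if (*declared != rd_be32(pvd + 84))
        return PVD_ENDIAN_MISMATCH;
    if (*declared > len / SECTOR)
        return PVD_SIZE_EXCEEDS_MEDIUM;
    return PVD_OK;
}
/* Constructed sample (not the attached nullptr.iso): 20 readable sectors, size
 * field filled with ASCII '0', since 808464432 from the warning is 0x30303030. */
static unsigned char sample[20 * SECTOR];
enum pvd_status check_constructed_sample(uint32_t *declared)
{
    unsigned char *pvd = sample + PVD_LBA * SECTOR;
    memset(sample, 0, sizeof sample);
    pvd[0] = 1;                    /* descriptor type: primary */
    memcpy(pvd + 1, "CD001", 5);   /* standard identifier */
    memset(pvd + 80, '0', 8);      /* both copies read as 0x30303030 */
    return pvd_check(sample, sizeof sample, declared);
}
int main(void) {
    uint32_t d = 0;
    printf("status=%d declared=%lus\n", (int)check_constructed_sample(&d), (unsigned long)d);
    return 0;
}
```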

