[Pkg-libburnia-devel] Bug#872475: libisofs6: buffer under-read in read_rr_SL()

Thomas Schmitt scdbackup at gmx.net
Fri Aug 18 09:29:51 UTC 2017


that snappy little Fluffball created an SL entry with an empty path component.

I understand it looks for suspicious code pieces and then tries to activate
them by submitting a series of nasty input files.
So i will not complain about its character, but only about its harmless
look (*).

The bad array index -1 is now fixed upstream by
  "Preventing buffer underread with empty RRIP SL component. Debian bug 872475.
   Thanks Jakub Wilk and American Fuzzy Lop."

(Yesterday i omitted the bug number in the commit message for bug 872372.
 Meanwhile i think it was un-debianish to close it already now. So i will
 not close this one now but rather wait for the next libisofs release.
 I do this Debian work once per year. Not enough practice to become fluent.
 Criticism is welcome.)

The ISO further reveiled a memory leak.
*dest was left allocated by the caller. Now fixed upstream by
  "Preventing memory leak caused by RRIP SL entry without PX entry that
   marks the file as symbolic link"

(*) A fuzzy lop looks like a Tribble with eyes, ears, and cheeks.
    Its german name "Widderkaninchen" means literally "Ram Rabbit",
    which is because the hanging ears look somewhat like ram horns.

Have a nice day :)


More information about the Pkg-libburnia-devel mailing list