[Pkg-libburnia-devel] Bug#872475: libisofs6: buffer under-read in read_rr_SL()
Thomas Schmitt
scdbackup at gmx.net
Fri Aug 18 09:29:51 UTC 2017
Hi,
that snappy little Fluffball created an SL entry with an empty path component.
I understand it looks for suspicious code pieces and then tries to activate
them by submitting a series of nasty input files.
So i will not complain about its character, but only about its harmless
look (*).
The bad array index -1 is now fixed upstream by
https://dev.lovelyhq.com/libburnia/libisofs/commit/36c8800ff3da92a8c36df93ec2e906a26441a0e8
"Preventing buffer underread with empty RRIP SL component. Debian bug 872475.
Thanks Jakub Wilk and American Fuzzy Lop."
(Yesterday i omitted the bug number in the commit message for bug 872372.
Meanwhile i think it was un-debianish to close it already now. So i will
not close this one now but rather wait for the next libisofs release.
I do this Debian work once per year. Not enough practice to become fluent.
Criticism is welcome.)
The ISO further reveiled a memory leak.
*dest was left allocated by the caller. Now fixed upstream by
https://dev.lovelyhq.com/libburnia/libisofs/commit/16bde110767fca6a8411a277139aa0ff7a0f54d6
"Preventing memory leak caused by RRIP SL entry without PX entry that
marks the file as symbolic link"
-----------------------------------------------------------------------
(*) A fuzzy lop looks like a Tribble with eyes, ears, and cheeks.
Its german name "Widderkaninchen" means literally "Ram Rabbit",
which is because the hanging ears look somewhat like ram horns.
Have a nice day :)
Thomas
More information about the Pkg-libburnia-devel
mailing list