[Pkg-libburnia-devel] Bug#872545: libisofs6: heap-based buffer overflow in read_aaip_AL()

Thomas Schmitt scdbackup at gmx.net
Fri Aug 18 13:04:56 UTC 2017


Hi,

my valgrind even says:

  valgrind: the 'impossible' happened:
     Killed by fatal signal

The trigger is an AAIP AL entry of length 4. The minimum size of an AL
entry is 6. This assumption made the code too optimistic about the
allocated length.

Fixed by:
  https://dev.lovelyhq.com/libburnia/libisofs/commit/661b68ce8cfb77eabc2ce441fb306d7fb68e1bd0
  "Preventing buffer overflow with AAIP AL entry of insufficient size.
   Debian bug 872545. Thanks Jakub Wilk and American Fuzzy Lop."


Have a nice day :)

Thomas
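
Added example, not part of the mail above and not the libisofs code or the linked commit: a C sketch of the length check the mail describes, rejecting an AL entry whose declared length is below the minimum of 6 before any payload size is derived from it. The helper name `al_payload`, the error codes, the assumed 5-byte header (signature, length, version, flags) and the sample entries are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AL_MIN_LEN 6   /* minimum AL entry size, as stated in the mail */
#define AL_HDR_LEN 5   /* assumed layout: "AL", length, version, flags */

enum { AL_OK = 0, AL_ERR_TRUNCATED = -1, AL_ERR_NOT_AL = -2,
       AL_ERR_TOO_SHORT = -3, AL_ERR_OVERRUN = -4 };

/* Constructed sample entries, not taken from a real image. */
static const uint8_t SHORT_AL[] = { 'A', 'L', 4, 1 };            /* declared length 4 */
static const uint8_t GOOD_AL[]  = { 'A', 'L', 6, 1, 0, 0x42 };   /* declared length 6 */
static const uint8_t LONG_AL[]  = { 'A', 'L', 200, 1, 0, 0x42 }; /* claims more than present */

/* Hypothetical helper: validate one entry inside a buffer with `avail`
 * readable bytes and return a view of its payload. */
static int al_payload(const uint8_t *e, size_t avail,
                      const uint8_t **payload, size_t *payload_len)
{
    if (avail < 3)
        return AL_ERR_TRUNCATED;      /* cannot even read the length byte */
    if (e[0] != 'A' || e[1] != 'L')
        return AL_ERR_NOT_AL;
    size_t len = e[2];
    if (len < AL_MIN_LEN)
        return AL_ERR_TOO_SHORT;      /* without this, len - AL_HDR_LEN wraps */
    if (len > avail)
        return AL_ERR_OVERRUN;        /* entry claims bytes beyond the buffer */
    *payload = e + AL_HDR_LEN;
    *payload_len = len - AL_HDR_LEN;
    return AL_OK;
}

int main(void)
{
    const uint8_t *p; size_t n;
    printf("len 4:   %d\n", al_payload(SHORT_AL, sizeof SHORT_AL, &p, &n));
    printf("len 6:   %d\n", al_payload(GOOD_AL, sizeof GOOD_AL, &p, &n));
    printf("len 200: %d\n", al_payload(LONG_AL, sizeof LONG_AL, &p, &n));
    return 0;
}
```

Without the `AL_MIN_LEN` check, a declared length of 4 would make `len - AL_HDR_LEN` wrap to a huge unsigned value, so later copies would run past the allocated buffer.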


