[Pkg-libburnia-devel] Bug#872545: libisofs6: heap-based buffer overflow in read_aaip_AL()

Thomas Schmitt scdbackup at gmx.net
Fri Aug 18 13:04:56 UTC 2017


my valgrind even says:

  valgrind: the 'impossible' happened:
     Killed by fatal signal

The trigger is an AAIP AL entry of length 4. The minimum size of an AL
entry is 6. This assumption made the code too optimistic about the
allocated length.

Fixed by:
  "Preventing buffer overflow with AAIP AL entry of insufficient size.
   Debian bug 872545. Thanks Jakub Wilk and American Fuzzy Lop."

Have a nice day :)


More information about the Pkg-libburnia-devel mailing list