[Pkg-libburnia-devel] Bug#872590: libisofs6: integer overflow in susp_iter_next()
scdbackup at gmx.net
Sat Aug 19 16:09:40 UTC 2017
The immediate trigger of the bug is fixed by commit
"Preventing use of zero sized SUSP CE entry which causes SIGSEGV.
Debian bug 872590. Thanks Jakub Wilk and American Fuzzy Lop."
Further, I installed a size curb for loading CE areas. For that I now only
read the number of blocks which is necessary and refuse on more than 1 MiB.
"Avoid to read blocks from start of CE area which do not belong to the
A test for proper block addresses of CE areas was added:
"Refuse to read CE data blocks from after the end of ISO filesystem"
If the second or third change is bad, then the regression consequences are
severe. So I compared ISO reading of xorriso-1.4.6 with the one of development
version 1.4.7. The results got cleaned of systematic differences by a few
xorriso=... path to xorriso 1.4.6 or 1.4.7 ...
run=... "old" or "new" ...
# Run the same read-only inspection over every ISO under valgrind and
# normalise the output so that the logs of both runs can be compared.
for i in *.iso
do
  valgrind "$xorriso" \
    -report_about note -for_backup -hfsplus on \
    -indev "$i" \
    -find / -exec lsdl -- \
    -find / -has_any_xattr -exec get_any_xattr -- \
    -find / -exec getfacl -- \
  2>&1 | sed \
    -e 's/^==[0-9][0-9]*=//' \
    -e 's/xorriso 1.4./xorriso 1.4.X/g' \
    -e 's/^= Command:.*$//' \
    -e 's/^= total heap usage:.*$//'
done
Comparison of both log files yields only insignificant differences and the
improvements which were achieved by fixing the recent bugs found by AFL.
The log file size with my ISO 9660 collection is 90 MB. So there is a decent
Have a nice day :)
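As an added illustration (not code from libisofs or from this mail), a hypothetical checker that applies the three constraints the message describes before a SUSP CE area is read: nonzero size, block range inside the filesystem, and a running 1 MiB curb. The struct, field names and function names are assumptions for this example.

```c
#include <stdint.h>

/* Hypothetical checker (an assumption for this example, not libisofs code) that
 * applies the three constraints the mail describes before a SUSP CE area is read. */
#define ISO_BLOCK_SIZE 2048u
#define CE_LIMIT_BYTES (1024u * 1024u)   /* the 1 MiB curb named in the mail */

enum ce_verdict { CE_OK = 0, CE_ZERO_SIZE, CE_BEYOND_FS, CE_TOO_LARGE };

/* CE entry: block address, byte offset inside that block, byte count (names assumed) */
struct susp_ce {
    uint32_t block;
    uint32_t offset;
    uint32_t size;
};

/* fs_blocks: number of 2048-byte blocks in the ISO filesystem.
 * loaded: bytes of CE data already accepted for this entry; advanced only on CE_OK. */
enum ce_verdict check_ce(const struct susp_ce *ce, uint32_t fs_blocks, uint64_t *loaded)
{
    uint64_t end_byte, needed_blocks;

    if (ce->size == 0)
        return CE_ZERO_SIZE;                 /* the immediate trigger of the bug */

    /* 64-bit arithmetic so that offset + size cannot wrap around */
    end_byte = (uint64_t) ce->offset + ce->size;
    needed_blocks = (end_byte + ISO_BLOCK_SIZE - 1) / ISO_BLOCK_SIZE;
    if (ce->block >= fs_blocks || needed_blocks > (uint64_t) fs_blocks - ce->block)
        return CE_BEYOND_FS;                 /* CE area would end after the filesystem */

    /* only read what is needed, and refuse once the running total exceeds 1 MiB */
    if (*loaded + ce->size > CE_LIMIT_BYTES)
        return CE_TOO_LARGE;

    *loaded += ce->size;
    return CE_OK;
}

/* Convenience wrapper for a single entry, starting from `already` bytes loaded */
enum ce_verdict check_ce_one(uint32_t block, uint32_t offset, uint32_t size,
                             uint32_t fs_blocks, uint64_t already)
{
    struct susp_ce ce = { block, offset, size };   /* constructed sample entry */
    return check_ce(&ce, fs_blocks, &already);
}
```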