Message-ID: <20051219162714.GB25578@melpomene.jschipper.dynalias.net>
Date: Mon Dec 19 16:27:20 2005
From: j.schipper at math.uu.nl (Joachim Schipper)
Subject: Unzip *ALL* verisons ;))
On Mon, Dec 19, 2005 at 12:06:07PM +0000, c0ntex wrote:
> Just to add to the pot, this little bug has been there a long time,
> mmm, around 2+ yrs. Any apps calling unzip? Any unzip archives with
> rather large files?
>
> ;)
>
> [c0ntex@...uxbox tmp]$ gdb -q unzip
> (no debugging symbols found)...Using host libthread_db library
> "/lib/tls/libthread_db.so.1".
> (gdb) r `perl -e 'print "A" x 5000'`
> Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'`
> Reading symbols from shared object read from target memory...(no
> debugging symbols found)...done.
> Loaded system supplied DSO at 0xffffe000
> (no debugging symbols found)...(no debugging symbols found)...unzip:
> cannot find or open AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> [snip]
>
> AAAAAAAAAAAAAA.ZIP.
> *** glibc detected *** double free or corruption: 0x08075008 ***
>
> Program received signal SIGABRT, Aborted.
> 0xffffe410 in __kernel_vsyscall ()
> (gdb) bt
> #0 0xffffe410 in __kernel_vsyscall ()
> #1 0x002a2955 in raise () from /lib/tls/libc.so.6
> #2 0x002a4319 in abort () from /lib/tls/libc.so.6
> #3 0x002dba1b in malloc_printerr () from /lib/tls/libc.so.6
> #4 0x002dc4ba in free () from /lib/tls/libc.so.6
> #5 0x080543a6 in ?? ()
> #6 0x08075008 in ?? ()
> #7 0x00000005 in ?? ()
> #8 0x00000000 in ?? ()

I cannot reproduce this, either with "A" x 5000 or "A" x 20000. I tested
unzip-5.52 on Linux/i386-2.6 and OpenBSD/i386-3.8, and saw no error.

Joachim