Re: [Full-disclosure] Unzip *ALL* verisons ;))



On Mon, Dec 19, 2005 at 05:27:15PM +0100, Joachim Schipper wrote:
> On Mon, Dec 19, 2005 at 12:06:07PM +0000, c0ntex wrote:
> > Just to add to the pot, this little bug has been there a long time,
> > mmm, around 2+ yrs. Any apps calling unzip? Any unzip archives with
> > rather large files?
> >
> > ;)
> >
> > [c0ntex@linuxbox tmp]$ gdb -q unzip
> > (no debugging symbols found)...Using host libthread_db library
> > "/lib/tls/libthread_db.so.1".
> > (gdb) r `perl -e 'print "A" x 5000'`
> > Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'`
> > Reading symbols from shared object read from target memory...(no
> > debugging symbols found)...done.
> > Loaded system supplied DSO at 0xffffe000
> > (no debugging symbols found)...(no debugging symbols found)...unzip:
> > cannot find or open AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> >
> > [snip]
> >
> > AAAAAAAAAAAAAA.ZIP.
> > *** glibc detected *** double free or corruption: 0x08075008 ***
> >
> > Program received signal SIGABRT, Aborted.
> > 0xffffe410 in __kernel_vsyscall ()
> > (gdb) bt
> > #0 0xffffe410 in __kernel_vsyscall ()
> > #1 0x002a2955 in raise () from /lib/tls/libc.so.6
> > #2 0x002a4319 in abort () from /lib/tls/libc.so.6
> > #3 0x002dba1b in malloc_printerr () from /lib/tls/libc.so.6
> > #4 0x002dc4ba in free () from /lib/tls/libc.so.6
> > #5 0x080543a6 in ?? ()
> > #6 0x08075008 in ?? ()
> > #7 0x00000005 in ?? ()
> > #8 0x00000000 in ?? ()
>
> I cannot reproduce this, either with "A" x 5000 or "A" x 20000. I tested
> unzip-5.52 on Linux/i386-2.6 and OpenBSD/i386-3.8, and saw no error.

Got a nasty explosion here. CentOS 4.2, Unzip-5.51:

(gdb) r `perl -e 'print "A" x 5000'`
Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'`
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0x00197956 in strcpy () from /lib/tls/libc.so.6

Best Regards,

--
Rodrigo Barbosa <rodrigob@xxxxxxxxxxxxxxx>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
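A crash inside strcpy() on a 5000-byte command-line name, as in the CentOS trace above, is the usual signature of an unbounded copy of the argument into a fixed-size filename buffer. The following is an added example, not unzip's code: a hypothetical helper that builds "<name><suffix>" the way a program appending ".ZIP" to a user-supplied name might, but refuses names that do not fit (FNAME_MAX, build_name and demo_long_arg are constructed for this example).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed buffer size for the example; not a value taken from unzip. */
#define FNAME_MAX 256

/* Writes "<name><suffix>" into out (capacity outsz).  Returns 0 on
 * success and -1 when the result would not fit, leaving out empty.
 * It never writes past out[outsz - 1], so an overlong argument is
 * rejected instead of overrunning the buffer as an unchecked strcpy()
 * followed by strcat() would. */
int build_name(char *out, size_t outsz, const char *name, const char *suffix)
{
    size_t nlen = strlen(name);
    size_t slen = strlen(suffix);

    if (outsz == 0)
        return -1;
    /* Guard the addition itself, then require room for the terminator. */
    if (nlen > SIZE_MAX - slen || nlen + slen >= outsz) {
        out[0] = '\0';
        return -1;
    }
    memcpy(out, name, nlen);
    memcpy(out + nlen, suffix, slen + 1);   /* +1 copies the NUL */
    return 0;
}

/* Exercises the check with a constructed 5000-byte argument like the
 * one in the report, then with a short name that fits.  Returns 1 when
 * the long name is rejected and the short one is built correctly. */
int demo_long_arg(void)
{
    char buf[FNAME_MAX];
    char big[5001];

    memset(big, 'A', 5000);
    big[5000] = '\0';
    int rc_long = build_name(buf, sizeof buf, big, ".ZIP");
    int rc_short = build_name(buf, sizeof buf, "archive", ".ZIP");
    return rc_long == -1 && rc_short == 0 && strcmp(buf, "archive.ZIP") == 0;
}

int main(void)
{
    printf("long argument rejected, short one built: %s\n",
           demo_long_arg() ? "yes" : "no");
    return 0;
}
```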
