On various input files p7zip crashes with a segmentation fault. The stack trace on most of the input files looks like this:
Program received signal SIGSEGV, Segmentation fault.
memmove_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:1284
1284 ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S: No such file or directory.
(gdb) bt
#0 memmove_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:1284
#1 0x08614c4d in MoveItems (src=12, dest=11, this=<optimized out>) at ../../../../CPP/Common/MyString.h:325
#2 UString::Delete (this=0xbfffe9dc, index=11) at ../../../../CPP/Common/MyString.cpp:1144
#3 0x086194ee in MultiByteToUnicodeString (srcString=...) at ../../../../CPP/Common/StringConvert.cpp:145
#4 0x0861af27 in MultiByteToUnicodeString2 (dest=..., srcString=..., codePage=0) at ../../../../CPP/Common/StringConvert.cpp:208
#5 0xbfffea88 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Attached are all files generated by American Fuzzy Lop (http://lcamtuf.coredump.cx/afl/) which cause a crash.
1) What version of p7zip?
2) What operation: 7z l file or 7z x file?
1) 9.38
2) l
Ok. I suppose it's a BUG in p7zip code.
StringConvert.cpp:
You must call ReleaseBuffer(numChars)
before other UString functions, like
resultString.Delete(i);
resultString.Insert(i, ((c >> 10) & 0x3ff) + 0xd800);
resultString.Insert(i + 1, (c & 0x3ff) + 0xdc00);
Can you try this fix with your tool:
CPP/Common/StringConvert.cpp, line 133, function MultiByteToUnicodeString is now:
Last edit: my p7zip 2015-02-20
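The GetBuffer/ReleaseBuffer contract the maintainer describes above is what the crash in the reported trace comes down to: Delete() and Insert() compute their memmove length from the string's own recorded length, and if the buffer was filled through a raw pointer without ReleaseBuffer(numChars) that length is still 0, so the count goes negative, wraps when cast to size_t, and memmove runs off the end of the heap. The following is an added example, not p7zip's code: a deliberately simplified model of that contract (the class ToyUString, its methods, the Convert function and the sample input are all assumptions made for the demo) that reproduces the stale-length fault as an exception instead of a segfault and shows the surrogate-pair rewrite succeeding once ReleaseBuffer is called. It assumes a 32-bit wchar_t, as on Linux.

```cpp
// Added example, not p7zip code: a simplified model of the GetBuffer/ReleaseBuffer
// contract. Names (ToyUString, Convert, kSample, ...) are assumptions for this demo.
#include <cstdio>
#include <cstring>
#include <cwchar>
#include <stdexcept>
#include <vector>

// The surrogate-pair rewrite assumes a 32-bit wchar_t (Linux), as in p7zip.
static_assert(sizeof(wchar_t) >= 4, "example assumes a 32-bit wchar_t");

class ToyUString {
  std::vector<wchar_t> _chars; // storage, always holds a terminating 0
  unsigned _len;               // logical length; Delete/Insert trust only this

  // Mirrors frame #1 of the reported trace: the byte count comes from _len.
  // With a stale _len (still 0) and src past it, the count is negative; real
  // code casts it to size_t and memmove() runs off the heap. Here the bad case
  // is reported as an exception so the demo does not segfault.
  void MoveItems(unsigned dest, unsigned src) {
    long count = (long)_len - (long)src + 1;
    if (count < 0)
      throw std::length_error("MoveItems: negative length, _len is stale");
    std::memmove(_chars.data() + dest, _chars.data() + src,
                 (size_t)count * sizeof(wchar_t));
  }

public:
  ToyUString() : _chars(1, 0), _len(0) {}
  unsigned Len() const { return _len; }
  wchar_t operator[](unsigned i) const { return _chars[i]; }

  // Hand out raw storage for minLen chars. _len is deliberately untouched:
  // the caller does not yet know how many chars it will write.
  wchar_t *GetBuffer(unsigned minLen) {
    if (_chars.size() < (size_t)minLen + 1) _chars.resize((size_t)minLen + 1, 0);
    return _chars.data();
  }
  // The caller reports how many chars it wrote; only now is _len valid.
  void ReleaseBuffer(unsigned newLen) {
    _len = newLen;
    _chars[_len] = 0;
  }
  void Delete(unsigned index) {
    MoveItems(index, index + 1);
    _len--;
  }
  void Insert(unsigned index, wchar_t c) {
    if (_chars.size() < (size_t)_len + 2) _chars.resize((size_t)_len + 2, 0);
    MoveItems(index + 1, index); // open a gap, moving the terminator too
    _chars[index] = c;
    _len++;
  }
};

// Stand-in for the mbstowcs() step: a constructed UTF-32 run containing
// U+1F600, which must become the surrogate pair D83D DE00.
static const wchar_t kSample[] = {L'H', L'i', L' ', (wchar_t)0x1F600, L'!', 0};

// Converts src into a ToyUString, rewriting astral code points as UTF-16
// surrogate pairs. callRelease=false is the 9.38 bug (Delete/Insert see
// _len == 0); callRelease=true is the fix the maintainer describes.
ToyUString Convert(const wchar_t *src, bool callRelease) {
  ToyUString s;
  unsigned numChars = (unsigned)std::wcslen(src);
  wchar_t *buf = s.GetBuffer(numChars);
  std::memcpy(buf, src, (size_t)numChars * sizeof(wchar_t));
  buf[numChars] = 0;
  if (callRelease)
    s.ReleaseBuffer(numChars); // the missing call from the bug report
  for (unsigned i = 0; i < numChars; i++) {
    unsigned c = (unsigned)s[i]; // read through the string: Insert may reallocate
    if (c < 0x10000) continue;
    c -= 0x10000;
    s.Delete(i);
    s.Insert(i, (wchar_t)(((c >> 10) & 0x3ff) + 0xd800));
    s.Insert(i + 1, (wchar_t)((c & 0x3ff) + 0xdc00));
    i++;        // skip the low surrogate just written
    numChars++; // the string grew by one unit
  }
  return s;
}

// True when the unreleased-buffer variant hits the stale-_len fault.
bool BugReproduces() {
  try { Convert(kSample, false); return false; }
  catch (const std::length_error &) { return true; }
}

// True when the released-buffer variant yields "Hi " D83D DE00 "!".
bool FixIsCorrect() {
  ToyUString s = Convert(kSample, true);
  return s.Len() == 6 && s[3] == (wchar_t)0xD83D && s[4] == (wchar_t)0xDE00 && s[5] == L'!';
}

int main() {
  std::printf("without ReleaseBuffer: %s\n", BugReproduces() ? "stale _len fault" : "no fault");
  std::printf("with ReleaseBuffer:    %s\n", FixIsCorrect() ? "correct surrogate pair" : "wrong");
  return 0;
}
```

The model keeps the two properties that matter: GetBuffer() hands out storage without updating the length, and every editing method derives its memmove size from that length. Any code that fills the raw buffer and then calls Delete()/Insert() before ReleaseBuffer() therefore operates on a length of 0, which is exactly the MoveItems(src=12, dest=11) frame with a negative count that the trace shows.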
It still crashes. Maybe it is a copy error. Could you post a patch file? This way I can make sure the differences are the same.
Here is my CPP/Common/StringConvert.cpp
With this patch, all files in crashes-p7zip.zip no longer crash p7zip on Ubuntu 14.10 64-bit.
I can confirm: no crashes anymore with the test files on my 32-bit Debian either.
Last edit: luh 2015-02-25
This bug is fixed in p7zip 9.38.1.