In the bsOpenReadStream function, the memory pointer is obtained by malloc and finally assigned to bsIn, but since the memory pointer is never freed, a memory leak is eventually caused.
When reading some special bz2 files, it will cause the program to crash, as follows
An attacker can cause a denial of service in a target service by uploading or sending a specially constructed bz2 file.
The attachment is the sample file.
In addition, I found that there are many dangerous functions in the code, like strcpy and strcat. I have not found any problems with them, but I think this is not good code, such as at line 349:
strcpy(inFileName,argv[1]);
Although there is length verification above, when I try to input giant long parameters, the program is completely unresponsive. I hope you can adopt this suggestion, thank you!
A memory leak in line 430 of bzip2recover.c
You'd better report it on bzip2 bugzilla as bzip2 moved definitely to sourceware.
It seems to be fixed already in v1.0.8.
Last edit: Sam Tansy 2020-06-29