
#184 null pointer access / segfault after failing memory allocation in 7zIn.cpp

Milestone: v1.0 (example)
Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2016-07-15
Created: 2016-07-15
Creator: Hanno Böck
Private: No

The attached file will cause a segfault in p7zip 16.02. I'll also attach two stack traces from address sanitizer - one with a stack trace of the crash itself and one of a failing memory allocation (can be controlled with ASAN_OPTIONS="allocator_may_return_null=1").

What's going on here is that 7z tries to allocate a huge amount of memory in 7zIn.cpp, line 1072:
data.Alloc(unpackSize);

The problem here is that there is no check whether the allocation actually worked. Thus, if the allocation fails (which it does for insane amounts of memory), the code will just continue and try to write to data without it containing any valid pointer.

It seems this is not an isolated problem, I found similar calls to Alloc throughout the code with no checks for allocation failures.

3 Attachments
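The bug shape described in the ticket, as an added illustration that is not p7zip's code: a buffer whose Alloc() gives the caller no way to see failure, a reader that trusts a size taken from the input and then writes through the possibly-NULL pointer, and a hardened reader that bounds the declared size before allocating and checks the allocation result. The buffer types, the 8-byte little-endian "unpackSize" header and the 1 GiB policy limit are invented for this example; they do not describe the 7z container format or p7zip's CByteBuffer.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

// Constructed toy layout: 8-byte little-endian unpackSize, then payload bytes.
static uint64_t readU64LE(const uint8_t *p) {
  uint64_t v = 0;
  for (int i = 7; i >= 0; --i) v = (v << 8) | p[i];
  return v;
}

// Builds a toy input for the functions below (test/illustration helper).
static std::vector<uint8_t> makeInput(uint64_t unpackSize, const std::vector<uint8_t> &payload) {
  std::vector<uint8_t> v(8);
  for (int i = 0; i < 8; ++i) v[i] = static_cast<uint8_t>(unpackSize >> (8 * i));
  v.insert(v.end(), payload.begin(), payload.end());
  return v;
}

// Pattern from the report: Alloc() returns nothing, so a NULL from the
// allocator is silently stored and later dereferenced.
struct UncheckedBuffer {
  uint8_t *data = nullptr;
  size_t size = 0;
  void Alloc(size_t n) {
    free(data);
    data = static_cast<uint8_t *>(malloc(n)); // NULL on failure, never checked
    size = n;
  }
  ~UncheckedBuffer() { free(data); }
};

// Vulnerable shape: trusts unpackSize from the input, then writes through data.
// Only call this with a benign header; a huge unpackSize makes it crash on the
// NULL pointer exactly as the ticket describes.
static bool readUnpackedVulnerable(const uint8_t *in, size_t len, std::vector<uint8_t> &out) {
  if (len < 8) return false;
  uint64_t unpackSize = readU64LE(in);
  UncheckedBuffer data;
  data.Alloc(static_cast<size_t>(unpackSize));              // mirrors data.Alloc(unpackSize)
  memcpy(data.data, in + 8, static_cast<size_t>(unpackSize)); // segfault if data.data == NULL
  out.assign(data.data, data.data + data.size);
  return true;
}

// Hardened buffer: the allocation result is reported to the caller.
struct CheckedBuffer {
  uint8_t *data = nullptr;
  size_t size = 0;
  bool Alloc(size_t n) {
    free(data);
    data = nullptr;
    size = 0;
    if (n == 0) return true;
    data = static_cast<uint8_t *>(malloc(n));
    if (data == nullptr) return false;
    size = n;
    return true;
  }
  ~CheckedBuffer() { free(data); }
};

enum ReadStatus { kOk, kTruncated, kSizeNotPlausible, kOutOfMemory };

// Hardened reader: (1) bound the declared size by what the input can actually
// hold and by a policy limit before touching the allocator; (2) check Alloc().
static ReadStatus readUnpackedHardened(const uint8_t *in, size_t len, std::vector<uint8_t> &out) {
  if (len < 8) return kTruncated;
  uint64_t unpackSize = readU64LE(in);
  const uint64_t kMaxUnpack = 1ULL << 30; // example policy limit (1 GiB), an assumption
  if (unpackSize > kMaxUnpack || unpackSize > len - 8) return kSizeNotPlausible;
  CheckedBuffer data;
  if (!data.Alloc(static_cast<size_t>(unpackSize))) return kOutOfMemory;
  if (data.size != 0) memcpy(data.data, in + 8, data.size);
  out.assign(data.data, data.data + data.size);
  return kOk;
}

int main() {
  // A header claiming ~16 EiB with three payload bytes: rejected before any
  // allocation is attempted, instead of reaching memcpy with a NULL target.
  std::vector<uint8_t> out;
  std::vector<uint8_t> hostile = makeInput(0xFFFFFFFFFFFFFFF0ULL, {1, 2, 3});
  return readUnpackedHardened(hostile.data(), hostile.size(), out) == kSizeNotPlausible ? 0 : 1;
}
```

The size check against the remaining input is the cheap first line of defence; the Alloc() return check is what actually closes the gap the ticket points at, and it is the one to apply at every Alloc call site rather than only where a fuzzer happened to hit it.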
