The attached file will cause a segfault in p7zip 16.02. I'll also attach two stack traces from address sanitizer - one with a stack trace of the crash itself and one of a failing memory allocation (can be controlled with ASAN_OPTIONS="allocator_may_return_null=1").
What's going on here is that 7z tries to allocate a huge amount of memory in 7zIn.cpp, line 1072:
The problem here is that there is no check whether the allocation actually worked. Thus if the allocation fails (which it does for insane amounts of memory) the code will just continue and try to write to data without it containing any valid pointer.
It seems this is not an isolated problem, I found similar calls to Alloc throughout the code with no checks for allocation failures.
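The unchecked-allocation pattern the report describes, placed beside a hardened reader, as an added illustration in C. This is not p7zip's code and does not reproduce the line in 7zIn.cpp: the header layout (a 4-byte little-endian entry count followed by 8-byte entries), the `MAX_ENTRIES` cap, the `alloc_fn` parameter, and the sample inputs are all constructed for the example. The allocator is injected so the out-of-memory path can be exercised deterministically; a real `malloc` of a huge size may succeed under memory overcommit and fail only later.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration, not p7zip's code. Constructed header layout: a 4-byte
 * little-endian entry count followed by `count` 8-byte little-endian entries. */

typedef void *(*alloc_fn)(size_t);

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED,   /* buffer shorter than the header claims */
    PARSE_TOO_MANY,    /* count exceeds the format's sane limit */
    PARSE_OOM          /* allocator returned NULL */
};

#define MAX_ENTRIES 4096u   /* example cap; a real limit comes from the format spec */

struct entry_table {
    uint64_t *entries;
    uint32_t  count;
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint64_t rd_le64(const uint8_t *p)
{
    return (uint64_t)rd_le32(p) | (uint64_t)rd_le32(p + 4) << 32;
}

/* The pattern the report describes: the allocator's result is never tested, so
 * when a huge untrusted count makes the allocation fail, the loop writes through
 * NULL and the process segfaults. Shown for contrast only. */
static uint64_t *read_table_unchecked(const uint8_t *buf, alloc_fn alloc, uint32_t *count_out)
{
    uint32_t count = rd_le32(buf);                            /* untrusted */
    uint64_t *tab = alloc((size_t)count * sizeof(uint64_t));  /* may be NULL */
    for (uint32_t i = 0; i < count; i++)
        tab[i] = rd_le64(buf + 4 + 8 * (size_t)i);            /* no NULL check */
    *count_out = count;
    return tab;
}

/* Hardened reader: bound the count, confirm the bytes are present before
 * allocating, and never touch the table if the allocator failed. */
static enum parse_status read_table(const uint8_t *buf, size_t len, alloc_fn alloc,
                                    struct entry_table *out)
{
    out->entries = NULL;
    out->count = 0;
    if (len < 4)
        return PARSE_TRUNCATED;
    uint32_t count = rd_le32(buf);
    if (count > MAX_ENTRIES)
        return PARSE_TOO_MANY;
    size_t need = (size_t)count * sizeof(uint64_t);  /* cannot overflow after the cap */
    if (len - 4 < need)
        return PARSE_TRUNCATED;
    if (count == 0)
        return PARSE_OK;
    uint64_t *tab = alloc(need);
    if (tab == NULL)                 /* the check the report says is missing */
        return PARSE_OOM;
    for (uint32_t i = 0; i < count; i++)
        tab[i] = rd_le64(buf + 4 + 8 * (size_t)i);
    out->entries = tab;
    out->count = count;
    return PARSE_OK;
}

/* Allocator stub that always fails, so the OOM path runs deterministically. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Constructed sample inputs (not taken from any real archive). */
static const uint8_t SAMPLE_GOOD[] = { 2, 0, 0, 0,
                                       1, 0, 0, 0, 0, 0, 0, 0,
                                       2, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t SAMPLE_HUGE_COUNT[] = { 0xff, 0xff, 0xff, 0xff };
static const uint8_t SAMPLE_TRUNCATED[]  = { 1, 0, 0, 0 };

/* Parse, release the table, and report only the status. */
static enum parse_status try_parse(const uint8_t *buf, size_t len, alloc_fn alloc)
{
    struct entry_table t;
    enum parse_status s = read_table(buf, len, alloc, &t);
    free(t.entries);
    return s;
}

/* Entry `i` of SAMPLE_GOOD via the hardened reader; 0 if parsing fails or i is out of range. */
static uint64_t good_entry(uint32_t i)
{
    struct entry_table t;
    uint64_t v = 0;
    if (read_table(SAMPLE_GOOD, sizeof SAMPLE_GOOD, malloc, &t) == PARSE_OK && i < t.count)
        v = t.entries[i];
    free(t.entries);
    return v;
}

int main(void)
{
    uint32_t n;
    uint64_t *raw = read_table_unchecked(SAMPLE_GOOD, malloc, &n);  /* safe only because the count is tiny */
    printf("unchecked reader: %u entries\n", n);
    free(raw);
    printf("hardened, good input:  %d\n", try_parse(SAMPLE_GOOD, sizeof SAMPLE_GOOD, malloc));
    printf("hardened, alloc fails: %d\n", try_parse(SAMPLE_GOOD, sizeof SAMPLE_GOOD, failing_alloc));
    printf("hardened, huge count:  %d\n", try_parse(SAMPLE_HUGE_COUNT, sizeof SAMPLE_HUGE_COUNT, malloc));
    return 0;
}
```

The order of the checks matters: the cap and the truncation test both run before any allocation, so a file that advertises more entries than it carries never triggers a large allocation at all, and the `NULL` test covers the remaining case where a legitimately sized request still fails.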