The attached 7z file will cause a segfault in 7za 16.02. This was found with the help of american fuzzy lop.
Here's a stack trace from AddressSanitizer:
==8993==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000062226d bp 0x7fff36b21de0 sp 0x7fff36b21a40 T0)
#0 0x62226c in NArchive::N7z::CInArchive::ReadAndDecodePackedStreams(unsigned long long, unsigned long long&, CObjectVector<CBuffer<unsigned char> >&, ICryptoGetTextPassword*, bool&, bool&, UString&) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/Archive/7z/7zIn.cpp:1100:15
#1 0x623930 in NArchive::N7z::CInArchive::ReadHeader(NArchive::N7z::CDbEx&, ICryptoGetTextPassword*, bool&, bool&, UString&) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/Archive/7z/7zIn.cpp:1122:22
#2 0x62c63d in NArchive::N7z::CInArchive::ReadDatabase2(NArchive::N7z::CDbEx&, ICryptoGetTextPassword*, bool&, bool&, UString&) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/Archive/7z/7zIn.cpp:1603:10
#3 0x62d7e7 in NArchive::N7z::CInArchive::ReadDatabase(NArchive::N7z::CDbEx&, ICryptoGetTextPassword*, bool&, bool&, UString&) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/Archive/7z/7zIn.cpp:1618:19
#4 0x5f779f in NArchive::N7z::CHandler::Open(IInStream*, unsigned long long const*, IArchiveOpenCallback*) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/Archive/7z/7zHandler.cpp:670:22
#5 0x9dc6c9 in CArc::OpenStream2(COpenOptions const&) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/UI/Common/OpenArchive.cpp:1878:18
#6 0x9efa1c in CArc::OpenStream(COpenOptions const&) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/UI/Common/OpenArchive.cpp:2901:3
#7 0x9f1d0c in CArc::OpenStreamOrFile(COpenOptions&) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/UI/Common/OpenArchive.cpp:2993:17
#8 0x9f3c9f in CArchiveLink::Open(COpenOptions&) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/UI/Common/OpenArchive.cpp:3169:24
#9 0x9f6ea2 in CArchiveLink::Open2(COpenOptions&, IOpenCallbackUI*) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/UI/Common/OpenArchive.cpp:3292:17
#10 0x9f89b1 in CArchiveLink::Open3(COpenOptions&, IOpenCallbackUI*) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/UI/Common/OpenArchive.cpp:3356:17
#11 0x9af5ce in Extract(CCodecs*, CObjectVector<COpenType> const&, CRecordVector<int> const&, CObjectVector<UString>&, CObjectVector<UString>&, NWildcard::CCensorNode const&, CExtractOptions const&, IOpenCallbackUI*, IExtractCallbackUI*, IHashCalc*, UString&, CDecompressStat&) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/UI/Common/Extract.cpp:362:22
#12 0xa6b66d in Main2(int, char**) /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/UI/Console/Main.cpp:923:21
#13 0xa7b0a5 in main /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/UI/Console/MainAr.cpp:66:11
#14 0x7fd3347fb78f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.23-r2/work/glibc-2.23/csu/../csu/libc-start.c:289
#15 0x41f568 in _start (/mnt/ram/7z/7za+0x41f568)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /f/p7zip/p7zip_16.02/CPP/7zip/Bundles/Alone/../../../../CPP/7zip/Archive/7z/7zIn.cpp:1100:15 in NArchive::N7z::CInArchive::ReadAndDecodePackedStreams(unsigned long long, unsigned long long&, CObjectVector<CBuffer<unsigned char> >&, ICryptoGetTextPassword*, bool&, bool&, UString&)
==8993==ABORTING
Thanks for the report!
Fixed code:
7zIn.cpp:
to
Would be nice to have it rolled into 16.03 or so though.
I work only for Windows version code. And I don't work with p7zip/Linux code. And p7zip's developer is not active now. So there are no new p7zip updates.
Thanks for the explanation.
I hope p7zip can soon be updated.