User Activity

  • Posted a comment on ticket #2539 on 7-Zip

    Can you confirm that the LZMA decoder has strict enough bounds checking for all pointer manipulations/dictionary buffer writes/range coder operations to prevent potential overflows or underflows caused by maliciously crafted LZMA streams? Does the decoder validate all LZMA stream properties like lc and lp and guarantee that bufLimit and dictionary size constraints are enforced at every decoding step? Otherwise I just see it as a valid exploit, but poorly written.

  • Posted a comment on ticket #2539 on 7-Zip

    No, I'm not even claiming the 'exploit' is real or fake or a troll or whatever. I'm asking you to verify the impossibility of an exploit using the same methodology.

  • Posted a comment on ticket #2539 on 7-Zip

    The claim that the exploit comment is false is technically correct but misleading. While RC_Norm is a macro, not a function used in the LZMA encoder and PPMD decoder. However, it is not present in LzmaDec.c. However, this does not invalidate the possibility of vulnerabilities in the decoder because issues like pointer arithmetic and buffer handling could still be exploited. The comment does inaccurately reference RC_NORM, but the broader claim about malformed LZMA streams causing vulnerabilities...

  • Posted a comment on ticket #2539 on 7-Zip

    https://pastebin.com/gtnwfrim


Personal Data

Username: testrunner3
Joined: 2024-12-30 17:46:47.770000

Projects

  • No projects to display.
