Full Disclosure mailing list archives
Re: Unzip *ALL* verisons ;))
From: Joachim Schipper <j.schipper () math uu nl>
Date: Mon, 19 Dec 2005 17:27:15 +0100
On Mon, Dec 19, 2005 at 12:06:07PM +0000, c0ntex wrote:
Just to add to the pot, this little bug has been there a long time, mmm, around 2+ yrs. Any apps calling unzip? Any unzip archives with rather large files? ;) [c0ntex@linuxbox tmp]$ gdb -q unzip (no debugging symbols found)...Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) r `perl -e 'print "A" x 5000'` Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'` Reading symbols from shared object read from target memory...(no debugging symbols found)...done. Loaded system supplied DSO at 0xffffe000 (no debugging symbols found)...(no debugging symbols found)...unzip: cannot find or open AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [snip] AAAAAAAAAAAAAA.ZIP. *** glibc detected *** double free or corruption: 0x08075008 *** Program received signal SIGABRT, Aborted. 0xffffe410 in __kernel_vsyscall () (gdb) bt #0 0xffffe410 in __kernel_vsyscall () #1 0x002a2955 in raise () from /lib/tls/libc.so.6 #2 0x002a4319 in abort () from /lib/tls/libc.so.6 #3 0x002dba1b in malloc_printerr () from /lib/tls/libc.so.6 #4 0x002dc4ba in free () from /lib/tls/libc.so.6 #5 0x080543a6 in ?? () #6 0x08075008 in ?? () #7 0x00000005 in ?? () #8 0x00000000 in ?? ()
I cannot reproduce this, either with "A" x 5000 or "A" x 20000. I tested unzip-5.52 on Linux/i386-2.6 and OpenBSD/i386-3.8, and saw no error. Joachim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Unzip *ALL* verisons ;)) c0ntex (Dec 19)
- Re: Unzip *ALL* verisons ;)) Joachim Schipper (Dec 19)
- Re: Unzip *ALL* verisons ;)) c0ntex (Dec 19)
- Re: Unzip *ALL* verisons ;)) Joachim Schipper (Dec 19)
- Re: Unzip *ALL* verisons ;)) deepquest (Dec 19)
- Re: Unzip *ALL* verisons ;)) KF (lists) (Dec 19)
- Re: Unzip *ALL* verisons ;)) c0ntex (Dec 19)
- Re: Unzip *ALL* verisons ;)) KF (lists) (Dec 19)
- Re: Unzip *ALL* verisons ;)) c0ntex (Dec 19)
- Re: Unzip *ALL* verisons ;)) c0ntex (Dec 19)
- Re: Unzip *ALL* verisons ;)) GroundZero Security (Dec 19)
- Re: Unzip *ALL* verisons ;)) Joachim Schipper (Dec 19)
- <Possible follow-ups>
- Re: Unzip *ALL* verisons ;)) c0ntex (Dec 19)