Bug 743389 – gcab crashes with some invalid CAB files

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 743389 - gcab crashes with some invalid CAB files


Summary:	gcab crashes with some invalid CAB files


Status:	RESOLVED FIXED

Product:	msitools
Classification:	Other
Component:	general
Version:	0.93
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	1.0
Assigned To:	msitools maintainer(s)
QA Contact:	msitools maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-01-23 06:09 UTC by Stephen Kitt
Modified:	2015-03-12 19:59 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Fix for the AFL-detected crashes (4.14 KB, patch) 2015-01-23 06:09 UTC, Stephen Kitt	none	Details \| Review
Fix for the AFL-detected crashes (7.85 KB, patch) 2015-01-25 17:19 UTC, Stephen Kitt	accepted-commit_now	Details \| Review
Fix for the AFL-detected crashes (8.36 KB, patch) 2015-03-12 05:54 UTC, Stephen Kitt	committed	Details \| Review
Fix for the AFL-detected crashes (9.43 KB, patch) 2015-03-12 19:59 UTC, Marc-Andre Lureau	committed	Details \| Review

Description Stephen Kitt 2015-01-23 06:09:08 UTC

Created attachment 295253 [details] [review]
Fix for the AFL-detected crashes

Jakub Wilk pointed out at https://bugs.debian.org/775941 that AFL (http://lcamtuf.coredump.cx/afl/) finds quite a few crashes caused by invalid CABs. They're mostly due to either missing input validation or error paths which don't fill in error information; the attached patch fixes these.

With the patch applied AFL no longer finds any crashes.

Comment 1 Stephen Kitt 2015-01-23 06:18:14 UTC

I should add that "AFL no longer finds any crashes" within the limits of my tests...

Comment 2 Stephen Kitt 2015-01-25 17:19:37 UTC

Created attachment 295385 [details] [review]
Fix for the AFL-detected crashes

This new version fixes all the crashes found when extracting files (the first series covered '-t' only).

Comment 3 Stephen Kitt 2015-03-12 05:54:06 UTC

Created attachment 299149 [details] [review]
Fix for the AFL-detected crashes

This is the updated patch for gcab 0.5.

Comment 4 Marc-Andre Lureau 2015-03-12 11:49:25 UTC

Review of attachment 295385 [details] [review]:

patch looks good, ack

Comment 5 Marc-Andre Lureau 2015-03-12 11:49:50 UTC

Review of attachment 299149 [details] [review]:

ack

Comment 6 Marc-Andre Lureau 2015-03-12 19:58:46 UTC

The following fix has been pushed:
be1d0a2 Fix for the AFL-detected crashes

Comment 7 Marc-Andre Lureau 2015-03-12 19:59:07 UTC

Created attachment 299234 [details] [review]
Fix for the AFL-detected crashes

Jakub Wilk pointed out at https://bugs.debian.org/775941 that
AFL (http://lcamtuf.coredump.cx/afl/) finds quite a few crashes caused
by invalid CABs. They're mostly due to either missing input validation
or error paths which don't fill in error information; the attached patch
fixes these.

With the patch applied AFL no longer finds any crashes.