Monthly Archives: May 2017

lrzip: use-after-free in read_stream (stream.c)

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue:

    # lrzip -t $FILE
    ==4026==ERROR: AddressSanitizer: heap-use-after-free on address 0x62100000dd00 at pc 0x0000004bccc5 bp 0x7ffcf3b4d9f0 sp 0x7ffcf3b4d1a0
    READ of size 1 …

Posted in advisories, security

lrzip: heap-based buffer overflow write in read_1g (stream.c)

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue:

    # lrzip -t $FILE
    ==25584==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ef33 at pc 0x00000045246e bp 0x7ffd881d4970 sp 0x7ffd881d4120
    WRITE of size 8 …


lrzip: invalid memory read in lzo_decompress_buf (stream.c)

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue:

    # lrzip -t $FILE
    ==3311==ERROR: AddressSanitizer: SEGV on unknown address 0x602000010000 (pc 0x7f75cabe8834 bp 0x62100002c11f sp 0x7f7085ab4d78 T5)
    ==3311==The signal is …


lrzip: NULL pointer dereference in join_pthread (stream.c)

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue:

    # lrzip -t $FILE
    ==1329==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000002d0 (pc 0x7fa931ad7660 bp 0x7ffff4a30c30 sp 0x7ffff4a309f8 T0)
    ==1329==The signal is …


lrzip: NULL pointer dereference in bufRead::get (libzpaq.h)

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue:

    # lrzip -t $FILE
    ==24966==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000005e7caa bp 0x7f7c755a58d0 sp 0x7f7c755a5870 T2)
    ==24966==The signal is …


lrzip: divide-by-zero in bufRead::get (libzpaq.h)

Description: lrzip is a compression utility that excels at compressing large files. The complete ASan output of the issue:

    # lrzip -t $FILE
    Decompressing…
    ASAN:DEADLYSIGNAL
    =================================================================
    ==8026==ERROR: AddressSanitizer: FPE on unknown address 0x0000005e7957 (pc 0x0000005e7957 bp 0x7fcdf9ba58d0 sp 0x7fcdf9ba5870 T1) …


libarchive: two heap-based buffer overflow read

Description: libarchive is a multi-format archive and compression library. In 2016 I reported two heap-based buffer over-reads to libarchive. They appear to have already been fixed in the trunk when I reported them; here are the details:

    # bsdtar …


telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory

Description: Telegram-desktop is the official desktop client for Telegram. While navigating my filesystem I found the .TelegramDesktop with 755 permissions:

    drwxr-xr-x 4 ago ago 4096 nov 23 14:30 .TelegramDesktop

Affected version: At least from 0.10.19 to 1.0.29

Fixed …
