Re: Crash on malformed archive

bug-tar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crash on malformed archive

From:	Julien Voisin
Subject:	Re: Crash on malformed archive
Date:	Tue, 1 Nov 2022 18:51:15 +0100

Unfortunately, compiling from the current git repo doesn't work, make it exiting with `clang: error: no such file or directory: './parse-datetime.c'.

Also, yes, I was talking about the tar_checksum() [src/list.c] check. We're currently working internally to be able to fuzz binaries at scale, so odds are that I'll reach out once we're there so see how/if we can integrate tar into OSS-Fuzz, to simplify triage/reporting/reproduction/… on your and our end :)

On Sat, 29 Oct 2022 at 14:57, Christian Schoenebeck <schoenebeck@crudebyte.com> wrote:

On Thursday, October 27, 2022 10:29:57 PM CEST Paul Eggert wrote:
> > The reproducer is attached, and you may want to remove the checksum check
> > from tar to reproduce the crash locally.
>
> Sorry, I don't know what is meant by "remove the checksum check". I
> didn't do that, whatever it is.

I think he means bypassing the tar_checksum() [src/list.c] check. You know,
generating random data with a fuzzer and waiting for an entry checksum to be
correct? :)

Best regards,
Christian Schoenebeck

Julien Voisin | ISE - TPS | jvoisin@google.com |

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Crash on malformed archive, Julien Voisin <=
- Re: Crash on malformed archive, Paul Eggert, 2022/11/04
  - Re: Crash on malformed archive, Julien Voisin, 2022/11/17

Next by Date: Appending from non-seekable input like /dev/stdin silently fails
Next by thread: Re: Crash on malformed archive
Index(es):
- Date
- Thread