[Bug-xorriso] Crash in xorriso with fix

From: Eliska Svobodova
Subject: [Bug-xorriso] Crash in xorriso with fix
Date: Tue, 23 Jul 2019 17:32:11 +0200

We discovered a bug which can cause a Segmentation Fault.
It happens when xorriso with parameter -setfacl is given a file with too many users for one file. It is caused by leaving a cursor-pointer inside reallocated memory.
* run the script (it will create a directory with test files)
* run command:
xorriso -outdev out.img -map . / -setfacl_list Test_dir/File_with_users
When reallocating in xorriso/opts_p_z.c on line 927, the pointer wpt is left on the old position which is now outside allocated memory.
Save where in the old memory wpt was and, after realloc, move it to the same position according to the buf pointer.
Next, add a function that controls the overrun when sprinting access_acl_text into xorriso->info_text (the buffer could be huge). If the printed string was too big to fit into xorriso->info_text, the function adds a message at the end that the string was truncated.

Attachment: test_script
Description: Binary data

Attachment: libisoburn_invalid_pointer_after_realloc.patch
Description: Text Data
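
The two fixes described in the message above, sketched as an added example; this is not the attached patch and not libisoburn code. The struct acl_buf, the function names and the sample ACL lines are hypothetical and constructed for illustration; only the names buf and wpt follow the message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable text buffer: buf is the allocation, wpt the write cursor. */
struct acl_buf { char *buf; char *wpt; size_t size; };

/* Append line plus '\n', growing as needed. Returns 0, or -1 if out of memory. */
int acl_buf_append(struct acl_buf *b, const char *line)
{
    size_t len = strlen(line);
    size_t used = b->buf ? (size_t)(b->wpt - b->buf) : 0; /* save cursor offset */
    if (used + len + 2 > b->size) {
        size_t new_size = b->size ? b->size : 16;
        while (new_size < used + len + 2)
            new_size *= 2;
        char *new_buf = realloc(b->buf, new_size);
        if (new_buf == NULL)
            return -1;               /* old block is still valid and owned by b */
        b->buf = new_buf;
        b->size = new_size;
        b->wpt = new_buf + used;     /* the fix: rebase cursor on the new block */
    }
    memcpy(b->wpt, line, len);
    b->wpt += len;
    *b->wpt++ = '\n';
    *b->wpt = '\0';
    return 0;
}

/* Bounded copy into a fixed message buffer. Returns 1 if truncated, 0 if not, -1 on error. */
int print_bounded(char *dst, size_t dst_size, const char *text)
{
    static const char note[] = " [truncated]";
    int n = snprintf(dst, dst_size, "%s", text);
    if (n < 0)
        return -1;
    if ((size_t)n < dst_size)
        return 0;
    if (dst_size > sizeof(note))     /* overwrite the tail with the notice + NUL */
        memcpy(dst + dst_size - sizeof(note), note, sizeof(note));
    return 1;
}

/* Constructed input: append `count` ACL-style lines; returns bytes written, 0 on failure. */
size_t demo_fill(struct acl_buf *b, int count)
{
    char line[32];
    for (int i = 0; i < count; i++) {
        snprintf(line, sizeof(line), "user:u%04d:rwx", i);
        if (acl_buf_append(b, line) != 0)
            return 0;
    }
    return (size_t)(b->wpt - b->buf);
}
```

Building with -fsanitize=address and running the fill with the rebase line removed reports the stale write as soon as realloc moves the block.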
