D24902: K7Zip: Fix memory use in readAndDecodePackedStreams
Albert Astals Cid
noreply at phabricator.kde.org
Wed Oct 23 22:13:55 BST 2019
aacid created this revision.
Herald added a project: Frameworks.
Herald added a subscriber: kde-frameworks-devel.
aacid requested review of this revision.
REVISION SUMMARY
oss-fuzz has created a file in which inflated size was smaller than unpackSize and thus crc32 was using wrong memory
oss-fuzz warns about uninitialized because QByteArray probably allocates a bit more than asked, but this could very well be a out of bounds memory read
REPOSITORY
R243 KArchive
BRANCH
master
REVISION DETAIL
https://phabricator.kde.org/D24902
AFFECTED FILES
src/k7zip.cpp
To: aacid
Cc: kde-frameworks-devel, apol, dfaure, LeGast00n, GB_2, michaelh, ngraham, bruns
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20191023/0babf011/attachment.html>
More information about the Kde-frameworks-devel
mailing list