D24902: K7Zip: Fix memory use in readAndDecodePackedStreams

Albert Astals Cid noreply at phabricator.kde.org
Wed Oct 23 22:13:55 BST 2019


aacid created this revision.
Herald added a project: Frameworks.
Herald added a subscriber: kde-frameworks-devel.
aacid requested review of this revision.

REVISION SUMMARY
  oss-fuzz has created a file in which inflated size was smaller than unpackSize and thus crc32 was using wrong memory
  oss-fuzz warns about uninitialized because QByteArray probably allocates a bit more than asked, but this could very well be a out of bounds memory read

REPOSITORY
  R243 KArchive

BRANCH
  master

REVISION DETAIL
  https://phabricator.kde.org/D24902

AFFECTED FILES
  src/k7zip.cpp

To: aacid
Cc: kde-frameworks-devel, apol, dfaure, LeGast00n, GB_2, michaelh, ngraham, bruns
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20191023/0babf011/attachment.html>


More information about the Kde-frameworks-devel mailing list