Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Crash] There is a crash issue caused by cab sample decompression. #2257

Open
gaojh86 opened this issue Jul 4, 2024 · 5 comments
Open

[Crash] There is a crash issue caused by cab sample decompression. #2257

gaojh86 opened this issue Jul 4, 2024 · 5 comments
Labels
component:libarchive triage:need-more-info type:bug

Comments

@gaojh86
Copy link

gaojh86 commented Jul 4, 2024

image
After locating, it is found that a variable is not determined as empty.
image
@gaojh86
Copy link
Author

gaojh86 commented Jul 4, 2024

Add the following judgment to rectify the fault:
image

@kientzle
Copy link
Contributor

kientzle commented Jul 5, 2024

Can you tell us how to get a copy of the CAB file that caused this?

@kientzle
Copy link
Contributor

kientzle commented Jul 5, 2024

I do not know if your fix is correct, or if we should instead ignore memimage when it is missing:

@@ -1168,8  1168,11 @@ cab_checksum_finish(struct archive_read *a)
        l = 4;
        if (cab->cfheader.flags & RESERVE_PRESENT)
                l  = cab->cfheader.cfdata;
-       cfdata->sum_calculated = cab_checksum_cfdata(
-           cfdata->memimage   CFDATA_cbData, l, cfdata->sum_calculated);
        if (cfdata->memimage != NULL) {
                cfdata->sum_calculated = cab_checksum_cfdata(
                    cfdata->memimage   CFDATA_cbData, l, cfdata->sum_calculated);
        }
        if (cfdata->sum_calculated != cfdata->sum) {
 #ifndef DONT_FAIL_ON_CRC_ERROR
                archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,

@gaojh86
Copy link
Author

gaojh86 commented Jul 9, 2024
edited
Loading

Can you tell us how to get a copy of the CAB file that caused this?

Here is the sample:
https://www.virustotal.com/gui/file/e32cb7990f8d8e9c31c0e18e7bb631c7c7ea6c0c05b351967bf4abc07bc47ed5/detection

@evelikov
Copy link
Collaborator

@gaojh86 AFAICT VirusTotal does not allow for downloading of the file. Please attach it here or use another file sharing service.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component:libarchive triage:need-more-info type:bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@evelikov @kientzle @gaojh86