segfault in magic_buffer
christos at zoulas.com
Thu Feb 13 01:14:15 EET 2014
On Feb 12, 11:39pm, gw.file.bgzt at manchmal.in-ulm.de (Christoph Biedl) wrote:
-- Subject: Re: segfault in magic_buffer
| Christos Zoulas wrote...
| > Infinite recursion...
| > --- softmagic.c 8 Jan 2014 22:22:54 -0000 1.172
| > +++ softmagic.c 11 Feb 2014 15:41:13 -0000
| > @@ -1738,6 +1738,8 @@
| > break;
| > case FILE_INDIRECT:
| > + if (offset == 0)
| > + return 0;
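Review bot: the `if (offset == 0) return 0;` guard in the FILE_INDIRECT case only stops an indirect rule that resolves back to offset zero; as the follow-up in this thread shows, a buffer of repeated \x01 bytes under a `>(1.b) indirect x` rule resolves to offset 1 at every level, so the check never fires and the recursion continues once per byte until the stack is exhausted. The guard should be paired with a recursion-depth counter carried down through the indirect call (the thread suggests a cap on the order of 50 to 100) that makes the case return an error once the limit is reached, so the bound no longer depends on the file's contents.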
| Sorry, but that's not sufficient: A file consisting of a lot of \x01
| values still fills the stack if some specially crafted magic is in
| use, some 24000 octets are needed here. Seems the only feasible
| solution was to count the recursions and stop at a certain depth. I
| cannot imagine why anyone would want to go deeper than two or three
| levels, but even a limit of 50 or 100 wouldn't do harm.
| $ perl -e 'print "\x01" x 25000' >../sample.still-bad
| $ cat ../magic
| 0 byte x
| >(1.b) indirect x
| $ LD_LIBRARY_PATH=src/.libs/ ./src/.libs/file -m ../magic ../sample.still-bad
| Segmentation fault
Sounds reasonable and easy to do....
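The recursion-depth cap Christoph proposes, shown as an added C illustration that is not libmagic's softmagic.c: a toy model of the `0 byte x` / `>(1.b) indirect x` rule pair re-applies itself to the buffer at the offset read from index 1, and compares the quoted patch's `offset == 0` guard on its own against the guard plus a depth limit. The names `indirect_eval`, `eval_buffer`, the `demo_*` wrappers, the `MATCH_*` result codes and `DEMO_HARD_CAP` are assumptions made for this example; the 25000-byte all-\x01 sample is constructed to match the thread's perl reproducer, and the limit of 50 is the figure the thread suggests.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes, constructed for this example (not libmagic's). */
enum {
    MATCH_NONE = 0,            /* chain ended: zero offset, out of bounds, or buffer too short */
    MATCH_DEPTH_EXCEEDED = -1, /* the proposed fix: recursion counter hit the limit */
    MATCH_RUNAWAY = -2         /* demo-only safety stop so the example itself cannot overflow */
};

/* Hard stop for the guard-only variant. Real softmagic has no such cap; it
 * keeps recursing until the stack is gone, which is the reported crash. */
#define DEMO_HARD_CAP 5000

/* Toy model of the rule pair from the thread:
 *     0      byte     x
 *     >(1.b) indirect x
 * At each level the byte at index 1 is read as a new offset and the magic is
 * re-applied to the buffer starting there. depth_limit <= 0 means "no depth
 * check", i.e. only the offset == 0 guard from the quoted patch is in force.
 * *steps counts how many indirect hops were taken. */
static int indirect_eval(const uint8_t *buf, size_t len, int depth,
                         int depth_limit, int *steps)
{
    if (depth_limit > 0 && depth >= depth_limit)
        return MATCH_DEPTH_EXCEEDED;   /* the recursion-depth fix */
    if (len < 2)
        return MATCH_NONE;             /* (1.b) needs a byte at index 1 */
    size_t offset = buf[1];            /* the "(1.b)" indirect offset */
    if (offset == 0)
        return MATCH_NONE;             /* the guard from the quoted patch */
    if (offset >= len)
        return MATCH_NONE;             /* would point past the buffer */
    if (*steps >= DEMO_HARD_CAP)
        return MATCH_RUNAWAY;
    (*steps)++;
    return indirect_eval(buf + offset, len - offset, depth + 1, depth_limit, steps);
}

/* Evaluate buf with the given depth limit; returns the result code and, if
 * steps_out is non-NULL, the number of indirect hops taken. */
int eval_buffer(const uint8_t *buf, size_t len, int depth_limit, int *steps_out)
{
    int steps = 0;
    int rc = indirect_eval(buf, len, 0, depth_limit, &steps);
    if (steps_out)
        *steps_out = steps;
    return rc;
}

/* Constructed sample matching the thread's reproducer,
 * perl -e 'print "\x01" x 25000': the byte at index 1 is always 0x01, so
 * each hop moves one byte forward at a non-zero offset and the
 * offset == 0 guard never fires. */
#define SAMPLE_LEN 25000
static uint8_t sample_all_ones[SAMPLE_LEN];

int demo_all_ones_result(int depth_limit)
{
    memset(sample_all_ones, 0x01, SAMPLE_LEN);
    return eval_buffer(sample_all_ones, SAMPLE_LEN, depth_limit, NULL);
}

int demo_all_ones_steps(int depth_limit)
{
    int steps;
    memset(sample_all_ones, 0x01, SAMPLE_LEN);
    eval_buffer(sample_all_ones, SAMPLE_LEN, depth_limit, &steps);
    return steps;
}

/* Constructed benign sample: one hop (to index 2), then a zero offset ends it. */
int demo_benign_steps(void)
{
    static const uint8_t benign[] = { 0x00, 0x02, 0x00, 0x00 };
    int steps;
    eval_buffer(benign, sizeof benign, 50, &steps);
    return steps;
}

int main(void)
{
    printf("guard only: rc=%d steps=%d\n", demo_all_ones_result(0), demo_all_ones_steps(0));
    printf("depth 50  : rc=%d steps=%d\n", demo_all_ones_result(50), demo_all_ones_steps(50));
    printf("benign    : steps=%d\n", demo_benign_steps());
    return 0;
}
```

With the guard alone the walk over the all-\x01 sample only stops at the demo's artificial cap, which is the stand-in for the real stack exhaustion; with a depth limit of 50 it returns an error after 50 hops regardless of the file's length, while the benign sample still resolves normally in a single hop.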