Heap-buffer-overflow in mz_os.c:188 in mz_path_resolve #740
Comments
Where did minizip doesn't complain about it
But this is what
same with
the file appears to have a single local header that contains some crazy values.
poc1 is a malformed zip file generated by fuzzer. I used the "-x" flag when testing and it came into a heap-buffer-overflow crash. So maybe you could give a proper prompt when using "-x" to extract malformed files like poc1?
ok. Running without ASAN triggers a core. Never a good thing to do
When I build with ASAN I see the line numbers where the issue is triggered
The issue with this one is a filename of the form See test1.zip for small zip that reproduces the issue.
Fixed in 4.0.3. Thank you!
Description
heap-buffer-overflow (/minizip-ng/build/minizip+0x976d) in mz_path_resolve
Version
Replay
ASAN
POC
https://github.com/Akane0721/POC/blob/f37d805631e0a15bea1f15b6e1edfb3246a2e0fc/minizip-ng/poc1
Environment