dmg2img null pointer deref
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dmg2img (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
Hi, I'm testing some widely used software with my fuzzer and I found this bug in dmg2img.
I can't figure out how to contact the author (http://
seems a fork (https:/
The bug is present in the version of dmg2img distributed with Ubuntu 18.04 (the latest).
In the dmg2img.c file look at this snippet of code:
```c
char *_blkx_begin = strstr(plist, blkx_begin);
blkx_size = strstr(_blkx_begin, list_end) - _blkx_begin;
blkx = (char *)malloc(blkx_size + 1);
memcpy(blkx, _blkx_begin, blkx_size);
blkx[blkx_size] = '\0';
```
This leads to a null ptr deref at line 2 when the strstr at line 1 fails.
I attach a testcase that triggers the bug.
I hope I was helpful,
Goodbye.
affects: | launchpad → dmg2img (Ubuntu) |
tags: | removed: dmg2img |
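A checked form of the extraction shown in the report's snippet, as an added example that is not part of the original report or of dmg2img's own code. The helper name `extract_section`, its parameters, and the sample plist and marker strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not in dmg2img): copy the text that starts at the
 * first `begin` marker and runs up to the first `end` marker after it.
 * Returns a malloc'd NUL-terminated string, or NULL if either marker is
 * missing or allocation fails. */
static char *extract_section(const char *plist, const char *begin,
                             const char *end, size_t *out_len)
{
    if (plist == NULL || begin == NULL || end == NULL)
        return NULL;

    const char *start = strstr(plist, begin);
    if (start == NULL)   /* the unchecked case described in the report */
        return NULL;

    const char *stop = strstr(start, end);
    if (stop == NULL)    /* otherwise the subtraction yields a bogus size */
        return NULL;

    size_t len = (size_t)(stop - start);
    char *section = malloc(len + 1);
    if (section == NULL)
        return NULL;

    memcpy(section, start, len);
    section[len] = '\0';
    if (out_len != NULL)
        *out_len = len;
    return section;
}

int main(void)
{
    /* Constructed inputs; the marker strings are assumed sample values. */
    const char *inputs[] = {
        "<dict><key>blkx</key><array>AAAA</array></dict>", /* well-formed */
        "<dict><array>AAAA</array></dict>",                /* no begin marker */
        "<dict><key>blkx</key><array>AAAA",                /* no end marker */
    };
    for (size_t i = 0; i < 3; i++) {
        char *s = extract_section(inputs[i], "<key>blkx</key>", "</array>", NULL);
        printf("input %zu: %s\n", i, s ? s : "(malformed plist, rejected)");
        free(s);
    }
    return 0;
}
```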