Segmentation fault caused by null pointer dereference during multithread processing in ucompthread, stream.c:1523

Bug #1893917 reported by Doudou Huang
Affects: lrzip (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Hi, there.

There is a segmentation fault caused by a null pointer dereference that leads to a fatal error during execution in the newest version, 0.631.

This is the output during execution:

Decompressing...
Bad checksum: 0x5b496f91 - expected: 0x2000210c
Fatal error - exiting
Segmentation fault

To reproduce, run:

lrzip -t seg-stream1523

Here is the trace reported by ASAN:

==161258==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000080 (pc 0x00000043f8d8 bp 0x0000007cd680 sp 0x7f811dafdd80 T3)
    #0 0x43f8d7 in ucompthread ../stream.c:1523
    #1 0x7f81218fc6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #2 0x7f8120d2e41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../stream.c:1523 ucompthread
Thread T3 created by T0 here:
    #0 0x7f81221941e3 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x361e3)
    #1 0x4516f3 in create_pthread ../stream.c:133
    #2 0x4516f3 in fill_buffer ../stream.c:1699
    #3 0x4516f3 in read_stream ../stream.c:1786

==161258==ABORTING

Revision history for this message

Doudou Huang (tinywhite) wrote:
  • Attachment: POC (28.0 KiB, application/octet-stream)

Doudou Huang (tinywhite):
  information type: Private Security → Public

Doudou Huang (tinywhite):
  description: updated