Another format that takes really long to unpack (found via fuzzing) #63

Closed
sagamusix opened this issue Mar 17, 2024 · 3 comments · Fixed by #64

Comments

@sagamusix
Collaborator

Here's another troublesome file... just 113 bytes, but it takes 1.5 minutes here until ancient is done processing it. Unlike #60, I think this one is not encrypted (the call stack shows it is handled by CompressDecompressor). Maybe this one can be improved as well?

id%3A000009,time%3A0,execs%3A0,orig%3Aid%3A002214,sync%3Afuzzer01,src%3A002196.zip

@temisu
Owner

temisu commented Mar 17, 2024

It is essentially an accidental decompression bomb (decompressed size before failure was around 1G). I'll add max-checking and, while at it, I'll see where else it is missing.

@temisu
Owner

temisu commented Mar 18, 2024

And it was actually a bug. Also, yesterday's px20 fix was a broken one. Fun fun.

@temisu temisu linked a pull request Mar 18, 2024 that will close this issue
@sagamusix
Collaborator Author

Looks good, both files fail very quickly now :)
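
An added illustration of the kind of output-size cap ("max-checking") discussed in this thread; it is not part of the conversation, not ancient's code and not the fix from #64. It uses a simplified LZW decoder over already-unpacked codes (a constructed format, not a real compressed bitstream), and `lzwDecodeCapped`, `growingCodes` and `hitsLimit` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Simplified LZW over already-unpacked codes (constructed format for this
// example, not a real bitstream). maxOutput is a hard cap in bytes.
std::string lzwDecodeCapped(const std::vector<uint32_t>& codes, size_t maxOutput) {
    std::vector<std::string> dict(256);
    for (int i = 0; i < 256; i++) dict[i] = std::string(1, static_cast<char>(i));
    std::string out, prev;
    for (uint32_t code : codes) {
        std::string entry;
        if (code < dict.size()) entry = dict[code];
        else if (code == dict.size() && !prev.empty()) entry = prev + prev[0];
        else throw std::runtime_error("invalid LZW code");
        // Check the cap before appending. out.size() <= maxOutput always
        // holds here, so the subtraction cannot wrap around.
        if (entry.size() > maxOutput - out.size())
            throw std::length_error("decompressed size exceeds limit");
        out += entry;
        if (!prev.empty()) dict.push_back(prev + entry[0]);
        prev = entry;
    }
    return out;
}

// Constructed input: n codes whose decoded strings grow by one byte each,
// so the full output is n*(n+1)/2 bytes of 'a'.
std::vector<uint32_t> growingCodes(uint32_t n) {
    std::vector<uint32_t> codes;
    if (n) codes.push_back('a');
    for (uint32_t i = 1; i < n; i++) codes.push_back(255 + i);
    return codes;
}

// True when decoding is rejected by the size cap rather than completing.
bool hitsLimit(const std::vector<uint32_t>& codes, size_t maxOutput) {
    try { lzwDecodeCapped(codes, maxOutput); }
    catch (const std::length_error&) { return true; }
    return false;
}

int main() {
    std::cout << lzwDecodeCapped(growingCodes(4), 16).size() << "\n";
    std::cout << hitsLimit(growingCodes(2000), 1 << 20) << "\n";
}
```

Because the check runs before each append, a rejected input costs at most `maxOutput` bytes of output work before the decoder stops.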
