Bug 7796

Summary: function huft_build may call a NULL array
Product: Busybox
Reporter: Wangjia <wangjia>
Component: Other
Assignee: unassigned
Status: RESOLVED NEEDINFO
Severity: major
CC: busybox-cvs
Priority: P5
Version: 1.22.x
Target Milestone: ---
Hardware: PC
OS: Linux
Host:
Target:
Build:

Description Wangjia 2015-01-13 02:21:34 UTC
When executing the function inflate_block in file "archival/libarchive", huft_build may be called in the form
"i = huft_build(ll, 19, 19, NULL, NULL, &inflate_codes_tl, &bl);"
at about line 839, which will cause a segmentation fault. As the fourth parameter passed to the function, NULL will be treated as an array of type const unsigned short, and one element of it will be assigned to a variable of type unsigned short (at about line 442). That is where the fault occurs.
Executing the tar command may encounter this problem.
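
The following is an added example, not code from BusyBox or from the reporter. It models the call shape in the report under one stated assumption taken from the classic inflate `huft_build` interface: symbols below `s` are simple codes and the optional table `d` is indexed only as `d[sym - s]` for symbols at or above `s`. The names `lookup_base` and `check_alphabet` are hypothetical; the guard shows how an optional table parameter can be validated before it is indexed.

```c
#include <stddef.h>

/* Simplified model (assumption): symbols below `s` are "simple" codes and need
 * no table; symbols >= s index the optional base table `d` at [sym - s]. */
enum { LOOKUP_OK = 0, LOOKUP_NULL_TABLE = -1, LOOKUP_OUT_OF_RANGE = -2 };

/* Resolve one symbol to its base value without ever dereferencing a NULL or
 * undersized table. d_len is the number of entries in d (0 when d is NULL). */
static int lookup_base(unsigned sym, unsigned s,
                       const unsigned short *d, size_t d_len,
                       unsigned short *out)
{
    if (sym < s) {                  /* simple code: value is the symbol itself */
        *out = (unsigned short)sym;
        return LOOKUP_OK;
    }
    if (d == NULL)
        return LOOKUP_NULL_TABLE;   /* an unguarded d[sym - s] would fault here */
    if ((size_t)(sym - s) >= d_len)
        return LOOKUP_OUT_OF_RANGE; /* table present but too short */
    *out = d[sym - s];
    return LOOKUP_OK;
}

/* Check every symbol 0..n-1 of an alphabet; returns first error or LOOKUP_OK. */
static int check_alphabet(unsigned n, unsigned s,
                          const unsigned short *d, size_t d_len)
{
    unsigned short v;
    for (unsigned sym = 0; sym < n; sym++) {
        int rc = lookup_base(sym, s, d, d_len, &v);
        if (rc != LOOKUP_OK)
            return rc;
    }
    return LOOKUP_OK;
}

int main(void)
{
    static const unsigned short base[] = { 3, 4, 5 };  /* constructed sample */
    int a = check_alphabet(19, 19, NULL, 0);  /* n = 19, s = 19, d = NULL */
    int b = check_alphabet(22, 19, NULL, 0);  /* three symbols need the table */
    int c = check_alphabet(22, 19, base, 3);  /* table supplied and long enough */
    return (a == LOOKUP_OK && b == LOOKUP_NULL_TABLE && c == LOOKUP_OK) ? 0 : 1;
}
```

In this model, whether a NULL table is ever indexed depends on whether any symbol value reaches `s`, which is the property a reproducer for the report would need to demonstrate.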

Comment 1 Denys Vlasenko 2015-02-10 21:25:49 UTC
Do you have a reproducer?

Comment 2 Mike Frysinger 2016-02-13 03:36:38 UTC
Please show the exact commands you're running and the files you're working with.