Bug 7796 - function huft_build may call a NULL array
Status: RESOLVED NEEDINFO
Alias: None
Product: Busybox
Classification: Unclassified
Component: Other
Version: 1.22.x
Hardware: PC Linux
Importance: P5 major
Target Milestone: ---
Assignee: unassigned
Reported: 2015-01-13 02:21 UTC by Wangjia
Modified: 2016-02-13 03:36 UTC
Description Wangjia 2015-01-13 02:21:34 UTC
When executing function inflate_block of file "archival/libarchive", huft_build may be called in the form
"i = huft_build(ll, 19, 19, NULL, NULL, &inflate_codes_tl, &bl);"
at about line 839, which will cause a segmentation fault. As the fourth parameter passed to the function, NULL will be treated as an array of type const unsigned short, and one element of it will be assigned to a variable of type unsigned short (at about line 442). That is where the fault occurs.
Executing the tar command may encounter this problem.
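
An added example, not BusyBox source and not part of the report: a simplified C model of the table-lookup step the description refers to, with a guard that refuses to index a NULL table. It assumes the classic inflate convention that symbol values below the third argument are stored directly and only larger values index the fourth and fifth arguments; `fill_entry`, `build_all` and the sample calls are hypothetical.

```c
#include <stddef.h>

/* Simplified model (assumption, not BusyBox source) of the per-symbol step in
 * an inflate-style huft_build(): symbol values below `s` are "simple" and are
 * stored directly; values >= s index the base table d[] and the extra-bits
 * table e[]. */
struct entry { unsigned char e; unsigned short n; };

enum { FILL_OK = 0, FILL_NULL_TABLE = -1 };

/* Fill one entry for symbol value `sym`; refuse to index a NULL table. */
static int fill_entry(struct entry *r, unsigned sym, unsigned s,
                      const unsigned short *d, const unsigned char *e)
{
    if (sym < s) {                 /* simple code: d and e are never read */
        r->e = (sym < 256) ? 16 : 15;
        r->n = (unsigned short)sym;
        return FILL_OK;
    }
    if (d == NULL || e == NULL)    /* non-simple code needs both tables */
        return FILL_NULL_TABLE;
    r->e = e[sym - s];
    r->n = d[sym - s];
    return FILL_OK;
}

/* Walk symbol values 0..n-1 as a stand-in for the sorted value array. */
static int build_all(unsigned n, unsigned s,
                     const unsigned short *d, const unsigned char *e)
{
    struct entry r;
    for (unsigned sym = 0; sym < n; sym++)
        if (fill_entry(&r, sym, s, d, e) != FILL_OK)
            return FILL_NULL_TABLE;
    return FILL_OK;
}

int main(void)
{
    /* Constructed input: the call shape quoted in the report (n = 19, s = 19). */
    int a = build_all(19, 19, NULL, NULL);
    /* Constructed input: hypothetical call with non-simple codes and no tables. */
    int b = build_all(30, 19, NULL, NULL);
    return (a == FILL_OK && b == FILL_NULL_TABLE) ? 0 : 1;
}
```

Under the stated assumption, whether the NULL tables are ever read depends on whether any symbol value reaches `s`, which is the kind of detail a reproducer would settle.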
Comment 1 Denys Vlasenko 2015-02-10 21:25:49 UTC
Do you have a reproducer?
Comment 2 Mike Frysinger 2016-02-13 03:36:38 UTC
please show the exact commands you're running and the files you're working with