Closed #135.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/135#event-1142044203___
Rpm-maint mailing list
Rpm-maint@lists.rpm
The immediate crasher was already addressed, the underlying larger issue of tag
validation will be tracked in #242 from here on.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/
Thanks for the pile of reports, will start looking into them once recovered
from devconf.cz trip.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/135#issuecomment-2762980
I'm attaching another file, this creates a use after free, but it's in the same
line of code, so I assume it's a variation of the same bug.
[rpm-useafterfree-rstrlenhash-rpmstrPoolId.zip](https://github.com/rpm-software-management/rpm/files/736803/rpm-useafterfree-rstrlenhash-rpmstrPoolId.zip)
``
The attached file will cause an out of bounds memory read in rpm (tested with
rpm -i --test [input]).
[rpm-oob-heap-read-rstrlenhash-rpmstrPoolId.zip](https://github.com/rpm-software-management/rpm/files/736801/rpm-oob-heap-read-rstrlenhash-rpmstrPoolId.zip)
Found with american fuzzy lop and add
