I'm not an expert, but I tried running the current GitHub source through a debugger.
The problematic line seems to be in read_fs.c:
https://github.com/plougher/squashfs-tools/blob/7d7f2da27d5c39de89c5fae61eb611666f297c03/squashfs-tools/read_fs.c#L678

    memcpy(dire->name, directory_table + bytes, dire->size + 1);

dire->size is 65535.

I'm attaching the 'crash.sfs' file I created (with mksquashfs -p '/ f 444 root root echo'). (If the crash.sfs file itself is invalid, I guess that's a separate issue.)

** Attachment added: "mksquashfs /tmp/empty/ /tmp/crash.sfs -p '/ f 444 root root echo'"
   https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1745757/+attachment/5044532/+files/crash.sfs

--
https://bugs.launchpad.net/bugs/1745757

Title:
  Buffer overflow adding to archive with pseudo file at '/'
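Added example, not part of the original message and not squashfs-tools code: one way to bound the copy that the report points at, checking the 16-bit size field against the destination buffer and against the bytes left in the directory table before calling memcpy. The struct layout, the 256-byte name cap (NAME_MAX_LEN) and the function names read_dir_entry and try_entry are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 256 /* assumed cap on a directory entry name */

/* Simplified stand-in for the on-disk entry header (assumed layout). */
struct dir_entry_hdr {
    uint16_t offset;
    int16_t inode_number;
    uint16_t type;
    uint16_t size; /* stored as name length minus one */
};

/* Copy the name of the entry at table[pos] into out.
 * Returns bytes consumed, or -1 when the entry is malformed. */
long read_dir_entry(const unsigned char *table, size_t table_len, size_t pos,
                    struct dir_entry_hdr *hdr, char out[NAME_MAX_LEN + 1])
{
    if (pos > table_len || table_len - pos < sizeof(*hdr))
        return -1; /* header itself is truncated */
    memcpy(hdr, table + pos, sizeof(*hdr));

    size_t name_len = (size_t)hdr->size + 1;
    if (name_len > NAME_MAX_LEN)
        return -1; /* size == 65535 would otherwise copy 65536 bytes */
    if (table_len - pos - sizeof(*hdr) < name_len)
        return -1; /* name runs past the end of the table */

    memcpy(out, table + pos + sizeof(*hdr), name_len);
    out[name_len] = '\0';
    return (long)(sizeof(*hdr) + name_len);
}

/* Constructed input: one entry with the given size field, followed by
 * name_bytes bytes of 'a'. Returns what read_dir_entry reports. */
long try_entry(uint16_t size_field, size_t name_bytes)
{
    static unsigned char table[sizeof(struct dir_entry_hdr) + 512];
    struct dir_entry_hdr hdr = { 0, 1, 2, size_field }, parsed;
    char name[NAME_MAX_LEN + 1];

    if (name_bytes > 512)
        return -1;
    memcpy(table, &hdr, sizeof(hdr));
    memset(table + sizeof(hdr), 'a', name_bytes);
    return read_dir_entry(table, sizeof(hdr) + name_bytes, 0, &parsed, name);
}
```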