0000609: Out-of-memory Bug in libmagic's add_mlist Function

ID	Project	Category	View Status	Date Submitted	Last Update

0000609	file	General	public	2025-01-08 06:45	2025-01-08 06:45

Reporter	YancyLii	Assigned To
Priority	urgent	Severity	crash	Reproducibility	always
Status	new	Resolution	open
OS	ubuntu	OS Version	22.04
Product Version	5.46

Summary	0000609: Out-of-memory Bug in libmagic's add_mlist Function
Description	When processing certain input through magic_load_buffers(), libmagic attempts to allocate approximately 32GB of memory (34,359,738,344 bytes) in the add_mlist function, leading to an out-of-memory crash. This indicates a potential integer overflow or input validation issue in buffer size calculations.
Steps To Reproduce	1. Download the attachment tar.gz file and decompress it, then (sudo) execute shell script 2. ./Test_libmagic_2 oom-662137c8ddec9e0091b61b30ba985505aeab69cd 3. Observe the error message
Additional Information	The crash occurs when: 1.Input data is passed to magic_load_buffers() 2.During processing in buffer_apprentice(), a call to add_mlist() is made 3.add_mlist() attempts to allocate 34,359,738,344 bytes using calloc 4.The allocation fails due to insufficient memory Stack Trace: 0000008 0x55e691bbdbe2 in add_mlist .../libmagic/src/libmagic/build/src/../../src/apprentice.c:455:22 #9 0x55e691bbd4e0 in buffer_apprentice.../libmagic/src/libmagic/build/src/../../src/apprentice.c:720:8 0000010 0x55e691bbab1b in magic_load_buffers .../libmagic/src/libmagic/build/src/../../src/magic.c:334:9
Tags	libmagic

Date Modified	Username	Field
2025-01-08 06:45	YancyLii	New Issue
2025-01-08 06:45	YancyLii	Tag Attached: libmagic
2025-01-08 06:45	YancyLii	File Added: Test_libmagic_2.tar.gz

YancyLii 2025-01-08 06:45 reporter	Test_libmagic_2.tar.gz (1,378 bytes)