View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000609 | file | General | public | 2025-01-08 06:45 | 2025-01-30 18:36 |
Reporter | YancyLii | Assigned To | christos | ||
Priority | urgent | Severity | crash | Reproducibility | always |
Status | feedback | Resolution | open | ||
OS | ubuntu | OS Version | 22.04 | ||
Product Version | 5.46 | ||||
Summary | 0000609: Out-of-memory Bug in libmagic's add_mlist Function |
Description | When processing certain input through magic_load_buffers(), libmagic attempts to allocate approximately 32GB of memory (34,359,738,344 bytes) in the add_mlist function, leading to an out-of-memory crash. This indicates a potential integer overflow or input validation issue in buffer size calculations. |
Steps To Reproduce | 1. Download the attached tar.gz file and decompress it, then (sudo) execute the shell script. 2. ./Test_libmagic_2 oom-662137c8ddec9e0091b61b30ba985505aeab69cd 3. Observe the error message. |
Additional Information | The crash occurs when: 1. Input data is passed to magic_load_buffers(). 2. During processing in buffer_apprentice(), a call to add_mlist() is made. 3. add_mlist() attempts to allocate 34,359,738,344 bytes using calloc. 4. The allocation fails due to insufficient memory. Stack trace: #8 0x55e691bbdbe2 in add_mlist .../libmagic/src/libmagic/build/src/../../src/apprentice.c:455:22 #9 0x55e691bbd4e0 in buffer_apprentice .../libmagic/src/libmagic/build/src/../../src/apprentice.c:720:8 #10 0x55e691bbab1b in magic_load_buffers .../libmagic/src/libmagic/build/src/../../src/magic.c:334:9 |
Tags | libmagic |
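The requested size in the report, 34,359,738,344 bytes, is 4,294,967,293 (0xFFFFFFFD) × 8: the shape of a 32-bit element count taken from the input and multiplied by an 8-byte element size. Whether that is exactly what happens inside add_mlist is not established by this report. The code below is an added example and is not code from file/libmagic, nor the attached harness: it loads a hypothetical record table (a 4-byte little-endian count followed by fixed-size records; this layout is an assumption for illustration, not the .mgc format) and shows the check that stops a count read from untrusted input from reaching calloc() unbounded. The hardened loader requires that the input actually contains every record it claims, so a header declaring 0xFFFFFFFD records over an empty body is rejected before any allocation; the naive path only reports what it would have requested.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical table layout for this example (NOT libmagic's compiled .mgc
 * layout): a 4-byte little-endian record count, then that many
 * RECORD_SIZE-byte records. */
#define RECORD_SIZE 8u
/* Policy cap on the record count; an example choice, not a libmagic constant. */
#define MAX_RECORDS (1u << 20)

struct table {
    uint32_t count;
    uint8_t *records;
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The unsafe pattern: trust the count in the header and multiply it by the
 * element size. Returns the byte count such a loader would hand to calloc();
 * nothing is allocated here. */
size_t naive_request_bytes(const uint8_t *buf, size_t len)
{
    if (len < 4)
        return 0;
    return (size_t)le32(buf) * RECORD_SIZE;
}

/* Hardened loader. Returns 0 on success and fills *out (caller frees
 * out->records); otherwise returns a negative code and allocates nothing:
 *  -1 header truncated
 *  -2 count * RECORD_SIZE would overflow size_t
 *  -3 declared count exceeds the bytes actually present in buf
 *  -4 count exceeds the policy cap
 *  -5 calloc() failed */
int load_table(const uint8_t *buf, size_t len, struct table *out)
{
    size_t need;
    uint32_t n;

    out->count = 0;
    out->records = NULL;
    if (len < 4)
        return -1;
    n = le32(buf);
    /* Overflow-checked multiply. Cannot trip with a 32-bit count and a
     * 64-bit size_t, but it is the right test when the count type is as
     * wide as size_t. */
    if (n != 0 && (size_t)n > SIZE_MAX / RECORD_SIZE)
        return -2;
    need = (size_t)n * RECORD_SIZE;
    /* The input must carry every record it claims; this is the check that
     * turns a 32 GiB request into an error. */
    if (need > len - 4)
        return -3;
    if (n > MAX_RECORDS)
        return -4;
    if (n == 0)
        return 0;
    out->records = calloc(n, RECORD_SIZE);
    if (out->records == NULL)
        return -5;
    memcpy(out->records, buf + 4, need);
    out->count = n;
    return 0;
}

/* Constructed inputs for the example (not the attachment from the report). */
/* Two complete records. */
static const uint8_t good_input[4 + 2 * RECORD_SIZE] = {
    0x02, 0x00, 0x00, 0x00,
    'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
    'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
};
/* Declares three records but carries only two. */
static const uint8_t short_input[4 + 2 * RECORD_SIZE] = {
    0x03, 0x00, 0x00, 0x00,
    'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
    'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
};
/* Declares 0xFFFFFFFD records and carries none; 0xFFFFFFFD * 8 is
 * 34,359,738,344, the request size in the report. */
static const uint8_t hostile_input[4] = { 0xfd, 0xff, 0xff, 0xff };

int main(void)
{
    struct table t;
    printf("naive loader would request %zu bytes\n",
           naive_request_bytes(hostile_input, sizeof hostile_input));
    printf("hardened loader: hostile -> %d\n",
           load_table(hostile_input, sizeof hostile_input, &t));
    printf("hardened loader: short   -> %d\n",
           load_table(short_input, sizeof short_input, &t));
    printf("hardened loader: good    -> %d (%u records)\n",
           load_table(good_input, sizeof good_input, &t), t.count);
    free(t.records);
    return 0;
}
```

The order of the checks matters: the length-consistency test is derived from the format itself and rejects every inflated count, while the policy cap only catches counts that happen to fit the input but are still unreasonable. Either one alone would have stopped this report's request size; together they also cover a large input that is padded to match its header.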
Note 0004168 (christos, 2025-01-30 18:36):

Can't reproduce:

    [1:35pm] 284>./Test_libmagic_2 oom-662137c8ddec9e0091b61b30ba985505aeab69cd
    INFO: Seed: 2972006588
    INFO: Loaded 1 modules (10 inline 8-bit counters): 10 [0x5c31d5, 0x5c31df),
    INFO: Loaded 1 PC tables (10 PCs): 10 [0x597a60,0x597b00),
    ./Test_libmagic_2: Running 1 inputs 1 time(s) each.
    Running: oom-662137c8ddec9e0091b61b30ba985505aeab69cd
    Executed oom-662137c8ddec9e0091b61b30ba985505aeab69cd in 2 ms
    ***
    *** NOTE: fuzzing was not performed, you have only
    ***       executed the target code on a fixed set of inputs.
    ***

Date Modified | Username | Field | Change |
---|---|---|---|
2025-01-08 06:45 | YancyLii | New Issue | |
2025-01-08 06:45 | YancyLii | Tag Attached: libmagic | |
2025-01-08 06:45 | YancyLii | File Added: Test_libmagic_2.tar.gz | |
2025-01-30 18:35 | christos | Assigned To | => christos |
2025-01-30 18:35 | christos | Status | new => assigned |
2025-01-30 18:36 | christos | Status | assigned => feedback |
2025-01-30 18:36 | christos | Note Added: 0004168 |