View Issue Details

ID: 0000640
Project: file
Category: General
View Status: public
Last Update: 2025-04-08 06:58
Reporter: Marsman1996
Assigned To:
Priority: normal
Severity: crash
Reproducibility: always
Status: new
Resolution: open
Platform: x86_64
OS: Ubuntu
OS Version: 24.04.1
Product Version: 5.46
Summary: 0000640: An FPE (integer overflow) crash in `cvt_64` when running `file` with a crafted magic file

Description: It's an integer overflow problem similar to Bug 636 and would cause an FPE crash on x86_64 Ubuntu.
With the given PoC, `file` falls into the `int64_t` and `FILE_OPDIVIDE` case; the corresponding values are: `p->sl=-9223372036854775808, m->num_mask=-1`.
The value of `p->sl` is -9223372036854775808, i.e., 0x8000000000000000, the most negative `int64_t`.
Since the most positive `int64_t` is 9223372036854775807, `(int64_t)-9223372036854775808 / (int64_t)-1` will cause an integer overflow.

Commit f77a109 fixes the `int32_t` condition, but leaves `int64_t` unfixed.

And I checked with `int16_t`: there is no crash despite the overflow, which is weird.
Steps To Reproduce:
1. Compile the latest file from git (i.e., f77a109):
   ```
   $ git clone git@github.com:file/file.git
   $ cd file
   $ autoreconf -fi
   $ mkdir build && cd build
   $ ../configure --prefix=$PWD/bin
   $ make && make install
   ```
2. Run with the given PoC:
   ```
   $ ./bin/bin/file -m poc-file-f77a109-cvt_64-FPE poc-file-f77a109-cvt_64-FPE
   ```
   file will crash with `[1] 794724 floating point exception ./bin_normal/bin/file -m poc-file-f77a109-cvt_64-FPE`
Tags: libmagic
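As an added illustration (example code written for this report, not the file project's own source), the helpers below show the guard a 64-bit divide path such as the `FILE_OPDIVIDE` case in `cvt_64` needs for the value pair quoted above (`p->sl = INT64_MIN`, `m->num_mask = -1`), alongside the same guard at 32 bits and a demonstration of why the `int16_t` case overflows without trapping. All function names (`checked_div64`, `div64_or`, `checked_div32`, `div16_promoted`, `div16_narrowed`) are assumptions for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical guarded division helpers (added example, not libmagic code).
 * On x86_64 the idiv instruction raises #DE, delivered to the process as
 * SIGFPE, for two inputs: a zero divisor and INT64_MIN / -1, whose true
 * quotient 2^63 does not fit in int64_t. Both are undefined behaviour in C,
 * so a converter must reject them before dividing instead of trusting the
 * result.
 */
enum div_status { DIV_OK = 0, DIV_BY_ZERO, DIV_OVERFLOW };

/* Writes the quotient to *out only when DIV_OK is returned. */
enum div_status checked_div64(int64_t num, int64_t den, int64_t *out)
{
    if (den == 0)
        return DIV_BY_ZERO;
    if (num == INT64_MIN && den == -1)
        return DIV_OVERFLOW;          /* would trap: 2^63 is not representable */
    *out = num / den;
    return DIV_OK;
}

/* Convenience wrapper: the quotient, or `fallback` when the division is unsafe. */
int64_t div64_or(int64_t num, int64_t den, int64_t fallback)
{
    int64_t q;
    return checked_div64(num, den, &q) == DIV_OK ? q : fallback;
}

/* The same guard at 32 bits, the width the report says commit f77a109 covers. */
enum div_status checked_div32(int32_t num, int32_t den, int32_t *out)
{
    if (den == 0)
        return DIV_BY_ZERO;
    if (num == INT32_MIN && den == -1)
        return DIV_OVERFLOW;
    *out = num / den;
    return DIV_OK;
}

/*
 * Why the 16-bit case overflows silently instead of crashing: C's integer
 * promotions widen int16_t operands to int before the division, so
 * INT16_MIN / -1 is evaluated as 32768 in int, which neither overflows nor
 * reaches a trapping 16-bit divide. Narrowing 32768 back to int16_t is
 * implementation-defined; GCC and Clang wrap it modulo 2^16 to -32768.
 */
int div16_promoted(int16_t num, int16_t den)
{
    return num / den;                 /* computed in int: 32768 for INT16_MIN / -1 */
}

int16_t div16_narrowed(int16_t num, int16_t den)
{
    return (int16_t)(num / den);      /* -32768 on two's-complement GCC/Clang targets */
}

/* Replays the values quoted in the report: p->sl = INT64_MIN, m->num_mask = -1. */
int main(void)
{
    int64_t q64;
    int32_t q32;
    printf("int64_t: %s\n",
           checked_div64(INT64_MIN, -1, &q64) == DIV_OVERFLOW ? "rejected (would SIGFPE)" : "ok");
    printf("int32_t: %s\n",
           checked_div32(INT32_MIN, -1, &q32) == DIV_OVERFLOW ? "rejected (would SIGFPE)" : "ok");
    printf("int16_t: promoted quotient %d, narrowed %d\n",
           div16_promoted(INT16_MIN, -1), div16_narrowed(INT16_MIN, -1));
    return 0;
}
```

The check costs two comparisons per division and is the only portable way to avoid the trap: compiler flags such as `-ftrapv` or UBSan report the overflow but do not make the result defined, and a magic file is attacker-controlled input, so the rejection has to be in the code path itself.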

Activities

Marsman1996

2025-04-08 06:58

reporter

poc-file-f77a109-cvt_64-FPE (115 bytes)
```
# Format: <offset> <type> <value> <description>
# 0   short&0xffff   0x8000   Test for 0x8000
0   quad/-1<5
```

Issue History

| Date Modified | Username | Field | Change |
| --- | --- | --- | --- |
| 2025-04-08 06:58 | Marsman1996 | New Issue | |
| 2025-04-08 06:58 | Marsman1996 | Tag Attached | libmagic |
| 2025-04-08 06:58 | Marsman1996 | File Added | poc-file-f77a109-cvt_64-FPE |