From: Thomas Klausner <>
To: Hanno Böck <>
Subject: Re: [patch] fix use after free in ziptool / cat
Date: Tue, 18 Oct 2016 13:32:35 +0200

On Tue, Oct 18, 2016 at 01:22:43PM +0200, Hanno Böck wrote:
> Attached is a malformed zip file that will expose a use after free bug
> in ziptool's cat functionality. Test with "ziptool [file] cat 0" (you
> may need to use a memory safety tool like address sanitizer to see this
> bug).
> The problem is that zip_fclose is called on the file handler zf and then
> zip_file_strerror is called on zf after that. Switching the zip_fclose
> and the error message command should fix that, see attached patch.
> This bug was found with the tool american fuzzy lop. Please note that
> it only affects the command line tool ziptool, not the libzip library
> itself.

Thank you, committed and pushed!

Let me know if you find any more problems.
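The ordering defect reported above, as an added illustration that is not ziptool's or libzip's own code: a constructed stand-in for the libzip file handle (names `stub_*` and `report_read_error_*` are hypothetical) shows the close-then-strerror order beside the fixed fetch-then-close order.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for libzip's zip_file_t so this compiles without libzip.
 * Only what the bug touches is modelled: an error string owned by the handle
 * that the close call frees together with the handle itself. */
typedef struct { char *error; } zip_file_t;

static zip_file_t *stub_fopen_with_read_error(const char *msg) {
    zip_file_t *zf = malloc(sizeof *zf);
    zf->error = malloc(strlen(msg) + 1);
    strcpy(zf->error, msg);
    return zf;
}
/* Mirrors zip_file_strerror(): valid only while the handle is still open. */
static const char *stub_file_strerror(zip_file_t *zf) { return zf->error; }
/* Mirrors zip_fclose(): releases the handle and everything it owns. */
static int stub_fclose(zip_file_t *zf) { free(zf->error); free(zf); return 0; }

/* Buggy order, as described in the report: the handle is closed first and
 * zip_file_strerror() then reads freed memory. Deliberately never called;
 * AddressSanitizer flags this as heap-use-after-free. */
static void report_read_error_buggy(zip_file_t *zf) {
    stub_fclose(zf);
    fprintf(stderr, "can't read file: %s\n", stub_file_strerror(zf)); /* UAF */
}

/* Fixed order: copy the message into caller-owned storage while the handle is
 * valid, and only then release the handle. Returns the close status. */
static int report_read_error_fixed(zip_file_t *zf, char *out, size_t outlen) {
    snprintf(out, outlen, "can't read file: %s", stub_file_strerror(zf));
    return stub_fclose(zf);
}

int main(void) {
    char msg[64];
    zip_file_t *zf = stub_fopen_with_read_error("bad compressed data"); /* constructed */
    (void)report_read_error_buggy;  /* kept for comparison only */
    report_read_error_fixed(zf, msg, sizeof msg);
    puts(msg);
    return 0;
}
```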
