Null dereference in cache_infile_structure
The attached file, null-deref.msi, causes msiinfo to crash with a null dereference in cache_infile_structure:
$ gdb --args msiinfo suminfo null-deref.msi
(gdb) run
Starting program: /usr/bin/msiinfo suminfo null-deref.msi
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
(msiinfo:16970): libgsf:msole-CRITICAL **: 14:51:35.350: ole_dirent_new: assertion 'entry <= G_MAXUINT / DIRENT_SIZE' failed
(msiinfo:16970): libgsf:msole-CRITICAL **: 14:51:35.350: ole_dirent_new: assertion 'entry <= G_MAXUINT / DIRENT_SIZE' failed
(msiinfo:16970): libgsf:msole-CRITICAL **: 14:51:35.350: ole_dirent_new: assertion 'entry <= G_MAXUINT / DIRENT_SIZE' failed
(msiinfo:16970): libgsf:msole-CRITICAL **: 14:51:35.350: ole_dirent_new: assertion 'entry <= G_MAXUINT / DIRENT_SIZE' failed
(msiinfo:16970): libgsf:msole-WARNING **: 14:51:35.350: A non directory stream with children ?
(msiinfo:16970): libgsf:msole-WARNING **: 14:51:35.350: This OLE2 file is invalid.
The Block Allocation Table for one of the streams had 0x30303030 instead of a terminator (0xfffffffe).
We might still be able to extract some data, but you'll want to check the file.
(msiinfo:16970): libgsf:msole-WARNING **: 14:51:35.350: This OLE2 file is invalid.
The Block Allocation Table for one of the streams had 0x30303030 instead of a terminator (0xfffffffe).
We might still be able to extract some data, but you'll want to check the file.
(msiinfo:16970): libgsf:msole-WARNING **: 14:51:35.350: This OLE2 file is invalid.
The Block Allocation Table for one of the streams had 0x30303030 instead of a terminator (0xfffffffe).
We might still be able to extract some data, but you'll want to check the file.
(msiinfo:16970): libgsf:msole-WARNING **: 14:51:35.350: Small-block file '' has insufficient blocks (0) for the stated size (1072)
** (msiinfo:16970): WARNING **: 14:51:35.350: Unable to get child[0] for infile '?' because : insufficient blocks
** (msiinfo:16970): CRITICAL **: 14:51:35.350: gsf_input_name: assertion 'GSF_IS_INPUT (input)' failed
Program received signal SIGSEGV, Segmentation fault.
cache_infile_structure (db=0x55555557d040) at ../libmsi/libmsi-database.c:2129
2129 ../libmsi/libmsi-database.c: No such file or directory.
(gdb) bt
#0 0x00007ffff7f547a2 in cache_infile_structure (db=0x55555557d040) at ../libmsi/libmsi-database.c:2129
#1 0x00007ffff7f547a2 in _libmsi_database_open (db=db@entry=0x55555557d040) at ../libmsi/libmsi-database.c:2199
#2 0x00007ffff7f56281 in init (error=0x0, self=0x55555557d040) at ../libmsi/libmsi-database.c:2575
#3 0x00007ffff7f56281 in libmsi_database_new
(path=<optimized out>, flags=flags@entry=1, persist=persist@entry=0x0, error=error@entry=0x7fffffffdd80)
at ../libmsi/libmsi-database.c:2618
#4 0x0000555555556930 in cmd_suminfo (cmd=<optimized out>, argc=<optimized out>, argv=<optimized out>, error=0x7fffffffdd80)
at ../tools/msiinfo.c:302
#5 0x00005555555563af in main (argc=3, argv=0x7fffffffde88) at ../tools/msiinfo.c:770
Forwarded from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871504
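
The log shows a child lookup failing ("insufficient blocks"), then a name accessor being called on the missing child, then the fault. As an added illustration (not libmsi or libgsf code), the self-contained C model below reproduces that sequence with stand-in functions and shows the guarded walk. All names, the sample entries, and the assumption that the caller reads the first byte of the stream name are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the container API (hypothetical names, not libgsf). */
struct stream { const char *name; size_t size, blocks; };
struct infile { struct stream *children; size_t n; };

/* Returns NULL when an entry's block chain cannot hold its stated size,
 * mirroring the "insufficient blocks" warning in the log. */
static struct stream *child_by_index(struct infile *f, size_t i)
{
    if (i >= f->n) return NULL;
    struct stream *s = &f->children[i];
    return (s->size > 0 && s->blocks == 0) ? NULL : s;
}

/* Accessor guarded by a type assertion: NULL in, NULL out. */
static const char *stream_name(const struct stream *s)
{
    return s ? s->name : NULL;
}

/* Guarded walk: returns the number of corrupt entries skipped and stores
 * the number of streams cached. Without the NULL test, name[0] faults. */
static int cache_structure(struct infile *f, size_t *cached)
{
    int skipped = 0;
    *cached = 0;
    for (size_t i = 0; i < f->n; i++) {
        struct stream *s = child_by_index(f, i);
        const char *name = stream_name(s);
        if (s == NULL || name == NULL) { skipped++; continue; }
        if (name[0] == 5) continue;   /* \005-prefixed property stream */
        (*cached)++;
    }
    return skipped;
}

/* Constructed sample: entry 1 claims 1072 bytes but has 0 blocks. */
static struct stream sample_children[] = {
    { "\005SummaryInformation", 64, 1 }, { "", 1072, 0 }, { "Table", 10, 1 },
};
static struct infile sample_file = { sample_children, 3 };

int main(void)
{
    size_t cached;
    int skipped = cache_structure(&sample_file, &cached);
    printf("cached=%zu skipped=%d\n", cached, skipped);
    return 0;
}
```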