Submit #752603: ckolivas lrzip 0.651 NULL Pointer Dereference

Title: ckolivas lrzip 0.651 NULL Pointer Dereference

Description: I found a concurrency NPD in the ucompthread function. This vulnerability also exists in the latest version of the master branch 1242aec. Details can be found here: https://github.com/ckolivas/lrzip/issues/263 . The root cause of this vulnerability is that sinfo->ucthreads can be concurrently set to NULL while it is being accessed.

Compile Command:

    ./autogen.sh
    CC="gcc -fsanitize=address -fno-omit-frame-pointer -g -O0" CXX="g++ -fsanitize=address -fno-omit-frame-pointer -g -O0" ./configure --enable-static-bin --disable-shared
    make -j4

PoC file: A crafted PoC is available here, please unzip first.

Run Command:

    ./lrzip -t -p2 ./PoC_NPD

    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==17356==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000080 (pc 0x556a62c35ae9 bp 0x7fa73678add0 sp 0x7fa73678ac40 T3)
    ==17356==The signal is caused by a READ memory access.
    ==17356==Hint: address points to the zero page.
        #0 0x556a62c35ae9 in ucompthread /home/ziiiro/work/eval/vul_repro/lrzip/stream.c:1551
        #1 0x7fa739baeac2 in start_thread nptl/pthread_create.c:442
        #2 0x7fa739c4084f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV /home/ziiiro/work/eval/vul_repro/lrzip/stream.c:1551 in ucompthread
    Thread T3 created by T0 here:
        #0 0x7fa73a140685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
        #1 0x556a62c3e8a6 in create_pthread /home/ziiiro/work/eval/vul_repro/lrzip/stream.c:125
        #2 0x556a62c3e8a6 in fill_buffer /home/ziiiro/work/eval/vul_repro/lrzip/stream.c:1725
        #3 0x556a62c3e8a6 in read_stream /home/ziiiro/work/eval/vul_repro/lrzip/stream.c:1811
        #4 0x556a62c31361 in unzip_literal /home/ziiiro/work/eval/vul_repro/lrzip/runzip.c:162
        #5 0x556a62c31361 in runzip_chunk /home/ziiiro/work/eval/vul_repro/lrzip/runzip.c:325
        #6 0x556a62c31361 in runzip_fd /home/ziiiro/work/eval/vul_repro/lrzip/runzip.c:387
        #7 0x556a62c1ffe3 in decompress_file /home/ziiiro/work/eval/vul_repro/lrzip/lrzip.c:952
        #8 0x556a62c16284 in main /home/ziiiro/work/eval/vul_repro/lrzip/main.c:720
        #9 0x7fa739b43d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Source: https://github.com/user-attachments/files/21726331/PoC_NPD.zip
User: ziiiro (UID 93755)
Submission: 05/02/2026 04:41 (3 months ago)
Moderation: 08/02/2026 09:19 (3 days later)
Status: Accepted
VulDB entry: 344931 [ckolivas lrzip up to 0.651 stream.c ucompthread denial of service]
Points: 20
