![]() ![]() ![]() home/browa22-ext/file/output/host/bin/mips-buildroot-linux-musl-gcc -DHAVE_CONFIG_H -I. Just run `./poc.out` is enough to reproduce this issue. configure -enable-static -enable-fsect-man5 -disable-libseccomp -disable-xzlib -disable-bzlib -disable-zlibĬlang++ -fsanitize=address -g -O0 -I/libmagic/include poc.cc -o poc.out /libmagic/lib/libmagic.a This bug can be cause an out-of-bound read issue via craft magic files.Įxtern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) $SANITIZER_FLAGS -stdlib=libc++" I found a heap buffer overflow bug in function check_buffer() (at file apprentice.c:3358:6), triggered via the public API :įile_public int magic_load_buffers(struct magic_set *ms, void **bufs, size_t *sizes, size_t nbufs). m3u files to audio/x-mpegurl following shared-mime-info database: īuffer-overflow in check_buffer() (apprentice.c:3358:6) The correct mime type would be: application/x-ios-app I came across a file where the `file` seems to fail deducing the mime type correctly. If you're interested, please let me know.įile fails to classify OnionBrowser.ipa correctly I think that this set can be used as a foundation for modern libmagic's CI pipeline, which hopefully will prevent from such kind of regression bugs. Our QA engineers maintain set of files of various formats. I think that the expected result is "audio/mpeg".Īlso I would like to notice that at the place were I work now we use libmagic in many services, and we're interested in high quality of mime-type detection. ➜ attachments git:(UCS-5425) file -mime-type audio.mp3 Magic file from /etc/magic:/usr/share/misc/magic Mp3 file is determined as "audio/mpegapplication/x-tar" ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |