[Bug-tar] NULL pointer dereference in create.c:511:start_private_header().

[x ksi]

Hi All,

I'd like to report a defect in tar v1.30.

Execution of the following command will cause a NULL pointer dereference:

-- cut --
$ /home/s1m0n/tar/tar-asan/src/tar --update -f ./emptyfile
--pax-option=listopt=""
AddressSanitizer:DEADLYSIGNAL
=================================================================
==9757==ERROR: AddressSanitizer: SEGV on unknown address
0x000000000000 (pc 0x7f5d999ab2ec bp 0x7ffdde53add0 sp 0x7ffdde53a558
T0)
==9757==The signal is caused by a WRITE memory access.
==9757==Hint: address points to the zero page.
    #0 0x7f5d999ab2eb  (/lib/x86_64-linux-gnu/libc.so.6+0x15b2eb)
    #1 0x7f5d99aa3d45 in __interceptor_memset
../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:709
    #2 0x557d5884fb22 in memset
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
    #3 0x557d5884fb22 in start_private_header
/home/s1m0n/tar/tar-asan/src/create.c:511
    #4 0x557d58892229 in xheader_write
/home/s1m0n/tar/tar-asan/src/xheader.c:410
    #5 0x557d58892877 in xheader_write_global
/home/s1m0n/tar/tar-asan/src/xheader.c:456
    #6 0x557d5882d02f in buffer_write_global_xheader
/home/s1m0n/tar/tar-asan/src/buffer.c:209
    #7 0x557d5891b6af in update_archive
/home/s1m0n/tar/tar-asan/src/update.c:114
    #8 0x557d58825304 in main /home/s1m0n/tar/tar-asan/src/tar.c:2716
    #9 0x7f5d99872b16 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x22b16)
    #10 0x557d5882aaa9 in _start (/home/s1m0n/tar/tar-asan/src/tar+0x9eaa9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x15b2eb)
==9757==ABORTING
-- cut --

Please let me know if you have any questions.


Thanks,
Filip Palian