Stack overflow inside mtar_write_file_header #23

@NSEcho

It is possible to cause a stack overflow while calling mtar_write_file_header and passing a file name larger than 100.

Inside microtar.c, strcpy is called, which results in overwriting more data than it should.

strcpy(h.name, name);

==73490==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00016b1a687c at pc 0x00010517be68 bp 0x00016b1a6770 sp 0x00016b1a5f20
WRITE of size 201 at 0x00016b1a687c thread T0
    #0 0x10517be64 in wrap_strcpy+0x4fc (libclang_rt.asan_osx_dynamic.dylib:arm64+0x4be64) (BuildId: 4947f3677e4435f39b5765e7dbc19bf732000000200000000100000000000b00)
    #1 0x104c5dab4 in mtar_write_file_header microtar.c:336
    #2 0x104c5a618 in LLVMFuzzerTestOneInput target.cc:19
    #3 0x104c76584 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) FuzzerLoop.cpp:617
    #4 0x104c75e78 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) FuzzerLoop.cpp:519
    #5 0x104c77550 in fuzzer::Fuzzer::MutateAndTestOne() FuzzerLoop.cpp:763
    #6 0x104c78394 in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, std::__1::allocator<fuzzer::SizedFile>>&) FuzzerLoop.cpp:908
    #7 0x104c6773c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) FuzzerDriver.cpp:912
    #8 0x104c94570 in main FuzzerMain.cpp:20
    #9 0x1a028ff24  (<unknown module>)
    #10 0xb47efffffffffffc  (<unknown module>)

Attached is a sample crash file.

crash.zip
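As an added illustration (not code from the report or from microtar itself), the unbounded strcpy pattern described above is shown next to a bounds-checked replacement. The header struct, the `demo_` names and the error codes are constructed for this example; only the 100-byte name field reflects the fixed tar field the report refers to.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the library header: a fixed 100-byte name field,
 * which is the limit behind the report's "larger than 100" (assumed layout). */
typedef struct {
    char name[100];
    char linkname[100];
} demo_header_t;

enum { DEMO_ESUCCESS = 0, DEMO_ENAMETOOLONG = -1, DEMO_EINVAL = -2 };

/* The pattern the report describes: no bound, so a 200-character name writes
 * 201 bytes (including the NUL) into a 100-byte field, exactly the WRITE size
 * in the sanitizer trace. Kept only for side-by-side comparison. */
void demo_set_name_unchecked(demo_header_t *h, const char *name) {
    strcpy(h->name, name);
}

/* Hardened version: find the terminator within the field size, reject input
 * that does not fit, then copy into a zero-filled field (tar pads short names
 * with NULs). The error code lets the caller fail the write instead of
 * silently truncating the member name. */
int demo_set_name(demo_header_t *h, const char *name) {
    if (h == NULL || name == NULL) return DEMO_EINVAL;
    /* memchr never reads past sizeof(h->name), so oversized input is safe to probe */
    const char *end = memchr(name, '\0', sizeof(h->name));
    if (end == NULL) return DEMO_ENAMETOOLONG; /* no NUL within 100 bytes */
    size_t len = (size_t)(end - name);         /* 0..99: room kept for the NUL */
    memset(h->name, 0, sizeof(h->name));
    memcpy(h->name, name, len);
    return DEMO_ESUCCESS;
}

/* Helper: builds a constructed name of n 'A' characters (n < 256) and
 * returns what the hardened setter does with it. */
int demo_try_name_len(size_t n) {
    char buf[256];
    if (n >= sizeof(buf)) return DEMO_EINVAL;
    memset(buf, 'A', n);
    buf[n] = '\0';
    demo_header_t h;
    return demo_set_name(&h, buf);
}

int main(void) {
    printf("len 50  -> %d\n", demo_try_name_len(50));  /* 0: accepted */
    printf("len 200 -> %d\n", demo_try_name_len(200)); /* -1: rejected */
    return 0;
}
```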
