Segmentation fault #2
Description
Fails with this firmware:
http://downloads.linksys.com/downloads/firmware/1224681522523/FW_E900_v1.0.06.002_US_20150108.bin
When using -p 1 (single-threaded) this issue does not occur.
gdb --args ~/tmp/sasquatch/sasquatch -trace 14FE20.squashfs
...
squashfs: Attempting to decompress: [0x68 0x3B 0xDE 0xDE 0xA6 0x0F 0x23 0xDA]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 4, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536
squashfs: Attempting to decompress: [0x03 0xE0 0x35 0xE5 0x99 0xCB 0x0D 0x2B]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 2, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536
squashfs: Attempting to decompress: [0x03 0xE0 0x35 0xE5 0x99 0xCB 0x0D 0x2B]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 3, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536
squashfs: lzma-adaptive decompressor failed! [-1 -3]
Trying to decompress with lzma-alt...
squashfs: retval = -3, outsize = 131072/65536
squashfs: Attempting to decompress: [0x03 0xE0 0x35 0xE5 0x99 0xCB 0x0D 0x2B]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 4, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536
squashfs: lzma-adaptive decompressor failed! [-1 -3]
Trying to decompress with lzma-alt...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff3f71700 (LWP 7417)]
0x0000000000405b2e in LzmaDecoderCodeReal (lzmaDecoder=0x647d20 <cc>, anInSize=0x7ffff3f60df0, anOutSize=0x7ffff3f60df8) at LZMADecoder.c:207
207 BYTE aMatchByte = OutWindowGetOneByte(0 - aRepDistances[0] - 1);
(gdb) i r
rax 0x8000f3f60e9f 140741581344415
rbx 0x10000 65536
rcx 0x0 0
rdx 0x7ffff3f60ea0 140737286377120
rsi 0x647f2c 6586156
rdi 0x7ffff4761d0d 140737294769421
rbp 0x7ffff4761d70 0x7ffff4761d70
rsp 0x7ffff4761ce0 0x7ffff4761ce0
r8 0xf2 242
r9 0x5 5
r10 0x4022 16418
r11 0x201 513
r12 0x5dab 23979
r13 0x7ffff4761ea0 140737294769824
r14 0x7ffff4771eac 140737294835372
r15 0x10000 65536
rip 0x405b2e 0x405b2e <LzmaDecoderCodeReal+325>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) bt
#0 0x0000000000405b2e in LzmaDecoderCodeReal (lzmaDecoder=0x647d20 <cc>, anInSize=0x7ffff4761df0, anOutSize=0x7ffff4761df8) at LZMADecoder.c:207
#1 0x0000000000406006 in LzmaDecoderCode (lzmaDecoder=0x647d20 <cc>, anInSize=0x7ffff4761df0, anOutSize=0x7ffff4761df8) at LZMADecoder.c:354
#2 0x00000000004041a4 in decompress_lzma_alt (in_data=0x83b160 "]", in_size=23979, out_data=0x7ffff4761ea0 "\177EL@ \362\065\065\065\065\065\065\065",
out_size=65536, offset=0) at 7zlzma.c:35
#3 0x0000000000410eb7 in lzma_alt_uncompress (dest=0x7ffff4761ea0, src=0x83b160, size=23979, outsize=65536, error=0x7ffff4771eac) at lzma_wrapper.c:139
#4 0x000000000040fb1e in compressor_uncompress (comp=0x647700 <gzip_comp_ops>, dest=dest@entry=0x7ffff4761ea0, src=0x83b160, size=23979, block_size=65536,
error=error@entry=0x7ffff4771eac) at compressor.c:170
#5 0x00000000004065ae in inflator (arg=<optimized out>) at unsquashfs.c:2195
#6 0x00007ffff7bc4182 in start_thread (arg=0x7ffff4772700) at pthread_create.c:312
#7 0x00007ffff6a7547d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111