Describe
A crafted b2frame input can trigger a heap-buffer-overflow while parsing/decompressing with c-blosc2.
I have a detailed root-cause analysis, AddressSanitizer log, and a reproducer input. Since this is a memory-safety issue, I would prefer to share the full technical details and the crashing input privately first.
Could you please let me know the preferred private reporting channel for this project?
If email is preferred, I can send the full report to blosc@blosc.org or to any other address you recommend.
System information
OS: Ubuntu 24.04.3 LTS x86_64
Compiler: clang with AddressSanitizer
Version: c-blosc2 reports 2.22.1.dev ($Date:: 2025-10-28 )
glibc: 2.39
Target binary: examples/decompress_file
Describe
A crafted b2frame input can trigger a heap-buffer-overflow while parsing/decompressing with c-blosc2.
I have a detailed root-cause analysis, AddressSanitizer log, and a reproducer input. Since this is a memory-safety issue, I would prefer to share the full technical details and the crashing input privately first.
Could you please let me know the preferred private reporting channel for this project?
If email is preferred, I can send the full report to blosc@blosc.org or to any other address you recommend.
System information
OS: Ubuntu 24.04.3 LTS x86_64
Compiler: clang with AddressSanitizer
Version: c-blosc2 reports 2.22.1.dev ($Date:: 2025-10-28 )
glibc: 2.39
Target binary: examples/decompress_file