Description of problem: busybox embeds (n)compress code in its libunarchive/libarchive. This embedded copy has not been patched for the following bug: https://bugs.gentoo.org/show_bug.cgi?id=141728 http://ncompress.git.sourceforge.net/git/gitweb.cgi?p=ncompress/ncompress;a=commitdiff;h=e21aad4a5a3ba0b6c2279b28a80f85b0b226a175 Steps to Reproduce: $ perl -e 'print "\x1f\x9d\x90","\x01"x"2048"' | busybox uncompress Segmentation fault
bss or heap, depending on the version, it seems.
Fixed in upstream git: commit 251fc70e9722f931eec23a34030d05ba5f747b0e Author: Denys Vlasenko <vda.linux> Date: Thu Aug 18 14:29:41 2011 +0200 uncompress: fix buffer underrun by corrupted input Fix for the latest release: http://busybox.net/downloads/fixes-1.19.0/busybox-1.19.0-uncompress.patch
F17 is rebased to busybox-1.19.3, which contains this fix