MemIOCallback::read has an integer overflow bug #147

Closed
@fatshi

Description

@fatshi

function MemIOCallback::read at line 70 has an integer overflow:
[screenshot of MemIOCallback::read around line 70; image not preserved]

PoC code as below:

#include "ebml/MemIOCallback.h"

using namespace libebml;

int main() {
    char buff[128] = {};
    MemIOCallback memoryBuffer;

    // Fill the in-memory buffer with 124 bytes so the read cursor sits at 124.
    memoryBuffer.write(buff, 124);

    // Request a length close to SIZE_MAX: the size check in read() wraps around
    // and the copy runs past the 124-byte buffer.
    char outBuff[128];
    memoryBuffer.read(outBuff, 0xfffffffffffffff0);

    return 0;
}

Terminal output is:

Process finished with exit code 139 (interrupted by signal 11: SIGSEGV)
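To make the failure mode concrete, below is an added example, not code from the issue or from libebml. It models a small memory buffer whose length clamp is written the usual way, `if (Size + pos > total)`, which is an assumption about the shape of the check at line 70 since the screenshot did not survive. With the report's numbers (124 bytes written, a read of 0xfffffffffffffff0) the addition wraps to 108, the clamp never fires, and the caller would memcpy a huge length. The hardened variant compares against the remaining room instead of the sum, so it cannot overflow; `MemBuffer`, `unsafeReadLength` and `safeReadLength` are names chosen for this example. It assumes a 64-bit `std::size_t`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

static_assert(sizeof(std::size_t) == 8, "example assumes a 64-bit size_t");

// Minimal stand-in for a growable in-memory buffer with a read cursor.
class MemBuffer {
public:
    // Append n bytes and leave the cursor at the end, like the PoC's write().
    void write(const void *src, std::size_t n) {
        const std::uint8_t *p = static_cast<const std::uint8_t *>(src);
        data_.insert(data_.end(), p, p + n);
        pos_ = data_.size();
    }

    // Move the cursor, never beyond the end (keeps the pos_ <= size() invariant).
    void seek(std::size_t p) { pos_ = p < data_.size() ? p : data_.size(); }

    std::size_t size() const { return data_.size(); }
    std::size_t pos() const { return pos_; }

    // Overflow-prone clamp (assumed shape of the bug): Size + pos_ wraps when
    // Size is near SIZE_MAX, the comparison is false, and Size is returned
    // unchanged, so a following memcpy would read far past the buffer.
    std::size_t unsafeReadLength(std::size_t Size) const {
        if (Size + pos_ > data_.size())
            return data_.size() - pos_;
        return Size;
    }

    // Hardened clamp: compute the room left first, then take the minimum.
    // No arithmetic on the untrusted Size, so nothing can wrap.
    std::size_t safeReadLength(std::size_t Size) const {
        std::size_t remaining = data_.size() - pos_;  // safe: pos_ <= size()
        return Size < remaining ? Size : remaining;
    }

    // Read using the hardened clamp; returns the number of bytes copied.
    std::size_t read(void *dst, std::size_t Size) {
        if (dst == nullptr || Size == 0)
            return 0;
        std::size_t n = safeReadLength(Size);
        if (n == 0)
            return 0;
        std::memcpy(dst, data_.data() + pos_, n);
        pos_ += n;
        return n;
    }

private:
    std::vector<std::uint8_t> data_;
    std::size_t pos_ = 0;
};

// Report's numbers: 124 bytes written, read of 0xfffffffffffffff0.
// Returns true when the wrapping check wrongly hands back the huge length.
bool overflowCheckIsWrong() {
    MemBuffer b;
    char buff[128] = {};
    b.write(buff, 124);
    const std::size_t huge = 0xfffffffffffffff0ULL;
    return b.unsafeReadLength(huge) == huge;
}

// Same buffer, cursor moved to seekTo, hardened read with the huge length.
// Returns how many bytes were actually copied (124 - seekTo, never more).
std::size_t safeReadAfterSeek(std::size_t seekTo) {
    MemBuffer b;
    char buff[128] = {};
    b.write(buff, 124);
    b.seek(seekTo);
    char outBuff[128];
    return b.read(outBuff, 0xfffffffffffffff0ULL);
}
```

The safe form generalises: whenever a length comes from outside, subtract the cursor from the total (which cannot underflow while the cursor is kept within bounds) and clamp the request against that, rather than adding the request to the cursor.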
