Version 0cf4a55
Stack buffer overflow found in parse.c in function get_key().
The root cause may be in function c_set_k_acc(): the arrays accs and pits have size 8.
If s->u.key.sf is bigger than 7, then the arrays accs and pits will be accessed out of bounds and corrupt the stack; if the value of s->u.key.sf is much bigger, then the stack frame will be corrupted.
```c
static void set_k_acc(struct SYMBOL *s)
{
	int i, j, nacc;
	char accs[8], pits[8];	/* fixed-size stack arrays: 8 entries each */
	...
	if (s->u.key.sf > 0) {
		/* loop bound is the unvalidated key-signature count s->u.key.sf:
		   it writes accs[0..sf-1] and pits[0..sf-1], so any sf > 8 runs
		   past both arrays into the rest of the stack frame */
		for (nacc = 0; nacc < s->u.key.sf; nacc++) {
			accs[nacc] = A_SH;
			pits[nacc] = sharp_tb[nacc];
		}
	}
```
gdb reproduce:

```
abcm2ps -E poc
```

buffer-over-flow_parse.c_set_k_acc.zip

reporter: chiba of topsec alphalab
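To make the bound concrete, here is an added, self-contained model of the reported loop next to a bounds-checked version. This is example code written for this page, not abcm2ps's own source: `struct key_sig`, `set_k_acc_checked`, `set_k_acc_unchecked` and `overflow_bytes` are hypothetical names, `NACC_MAX` mirrors the 8-entry `accs[]`/`pits[]` from the report, and the 7-entry `sharp_tb`/`flat_tb` contents are assumed to be the usual circle-of-fifths order (the real `sharp_tb` is not shown on the page).

```c
#include <stdio.h>
#include <string.h>

#define A_SH 1
#define A_FL (-1)
#define NACC_MAX 8    /* size of accs[] and pits[] in the reported set_k_acc() */

/* Assumed order in which sharps and flats enter a key signature (circle of fifths). */
static const char sharp_tb[7] = { 'F', 'C', 'G', 'D', 'A', 'E', 'B' };
static const char flat_tb[7]  = { 'B', 'E', 'A', 'D', 'G', 'C', 'F' };

/* Hypothetical stand-in for the s->u.key.sf field in the report:
   number of sharps (positive) or flats (negative). */
struct key_sig {
    int sf;
};

/* Unchecked loop, shaped like the report: writes accs[0..sf-1] with no bound,
   so any sf > NACC_MAX runs off the end of both arrays (and reads past
   sharp_tb[] once sf > 7). Kept only for comparison; never call it with
   sf > NACC_MAX. */
int set_k_acc_unchecked(const struct key_sig *k, char accs[NACC_MAX], char pits[NACC_MAX])
{
    int nacc = 0;
    if (k->sf > 0) {
        for (nacc = 0; nacc < k->sf; nacc++) {
            accs[nacc] = A_SH;
            pits[nacc] = sharp_tb[nacc];
        }
    }
    return nacc;
}

/* Hardened form: reject sf outside the 7-sharp/7-flat range before touching
   the arrays. Returns the number of accidentals written, or -1 on bad input. */
int set_k_acc_checked(const struct key_sig *k, char accs[NACC_MAX], char pits[NACC_MAX])
{
    const int limit = (int)sizeof(sharp_tb);   /* 7: the most a key signature can hold */
    int n, nacc;

    memset(accs, 0, NACC_MAX);
    memset(pits, 0, NACC_MAX);

    if (k->sf > limit || k->sf < -limit)
        return -1;                              /* out of range: refuse, do not clamp silently */

    n = k->sf > 0 ? k->sf : -k->sf;
    for (nacc = 0; nacc < n; nacc++) {
        accs[nacc] = k->sf > 0 ? A_SH : A_FL;
        pits[nacc] = k->sf > 0 ? sharp_tb[nacc] : flat_tb[nacc];
    }
    return n;
}

/* How many bytes the unchecked loop would write past each 8-byte array
   for a given positive sf (0 when it stays in bounds). */
int overflow_bytes(int sf)
{
    return sf > NACC_MAX ? sf - NACC_MAX : 0;
}

int main(void)
{
    char accs[NACC_MAX], pits[NACC_MAX];
    struct key_sig ok = { 3 }, bad = { 12 };   /* constructed inputs */
    int i, n;

    n = set_k_acc_checked(&ok, accs, pits);
    printf("sf=%d -> %d accidentals:", ok.sf, n);
    for (i = 0; i < n; i++)
        printf(" %c#", pits[i]);
    printf("\n");

    printf("sf=%d -> checked=%d, unchecked would write %d bytes past each array\n",
           bad.sf, set_k_acc_checked(&bad, accs, pits), overflow_bytes(bad.sf));
    return 0;
}
```

The check is placed on the value of `sf` before the loop rather than on `nacc` inside it: a silent clamp would hide malformed key fields, while an explicit -1 lets the caller in `get_key()` report the bad K: field and skip it.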