memory allocation error #88
Comments
This is a good one, it bypasses this check for the size of the offset table:
because offset_size is 0. I will add a check for the sanity of the offset_size.
Sure. My name is Wang Junjie.
GitHub email address?
Should be fixed with commit 26061aa
This was assigned CVE-2017-5835.
Any plans for a new release? 1.12 is from 2014 and there have been many security fixes since then.
There is an extra large memory allocation error which can be detected by AddressSanitizer.
The source code around here is:
bplist.used_indexes = (uint32_t*)malloc(sizeof(uint32_t) * num_objects);
The num_objects equals a very large number.
poc.txt
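The bypass discussed in this thread, as an added example that is not part of the thread and is not the project's fix from commit 26061aa: a constructed size check that a zero offset_size defeats, next to a stricter one that validates the fields before the allocation size is computed. Only offset_size and num_objects are names from the issue; the struct, table_offset, both function names and the upper bound of 8 on offset_size are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Values a parser would read from untrusted input (layout is assumed). */
struct trailer {
    uint8_t  offset_size;   /* bytes per offset table entry */
    uint64_t num_objects;   /* number of entries in the offset table */
    uint64_t table_offset;  /* where the offset table starts in the file */
};

/* Constructed weak check: only asks whether the table fits in the file.
 * With offset_size == 0 the product is 0, so any num_objects passes.
 * The multiplication can also wrap around for large values. */
static int weak_check(const struct trailer *t, uint64_t file_size)
{
    return t->table_offset + t->num_objects * t->offset_size <= file_size;
}

/* Stricter check: validate each field on its own first, then divide
 * instead of multiplying so the comparison cannot overflow. */
static int strict_check(const struct trailer *t, uint64_t file_size)
{
    if (t->offset_size < 1 || t->offset_size > 8)   /* assumed valid range */
        return 0;
    if (t->num_objects == 0 || t->table_offset >= file_size)
        return 0;
    if (t->num_objects > (file_size - t->table_offset) / t->offset_size)
        return 0;
    /* A later malloc(sizeof(uint32_t) * num_objects) must not wrap. */
    if (t->num_objects > SIZE_MAX / sizeof(uint32_t))
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed input: zero-width entries, huge count, 64-byte file. */
    struct trailer bad = { 0, UINT64_C(1) << 40, 40 };
    printf("weak=%d strict=%d\n",
           weak_check(&bad, 64), strict_check(&bad, 64));
    return 0;
}
```

Because the stricter check bounds num_objects by the bytes actually present in the file, the allocation derived from it can never exceed a small multiple of the input size.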