New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory corruption bug #93

Closed
zhunki opened this Issue Feb 7, 2017 · 2 comments

Comments

Projects
None yet
3 participants
@zhunki
Contributor

zhunki commented Feb 7, 2017

Hi,
I found a memory corruption bug.
the stack trace is as shown below:
==3249== WARNING: AddressSanitizer failed to allocate 0xfff50001 bytes

==3249== ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x00000000,0xfff50000) and [0xb58017ce, 0xb57517ce) overlap
#0 0xb6183b9a (/usr/lib/i386-linux-gnu/libasan.so.0+0xdb9a)
#1 0x8063d5f in parse_string_node /home/b/asan/libplist/src/bplist.c:292
#2 0x8063d5f in parse_bin_node /home/b/asan/libplist/src/bplist.c:646
#3 0x8063d5f in parse_bin_node_at_index /home/b/asan/libplist/src/bplist.c:733
#4 0x8068eb4 in plist_from_bin /home/b/asan/libplist/src/bplist.c:822
#5 0x804a354 in main /home/b/asan/libplist/tools/plistutil.c:150
#6 0xb5fc4a82 (/lib/i386-linux-gnu/libc.so.6+0x19a82)
#7 0x804afa5 in _start (/home/b/asan/libplist/tools/plistutil+0x804afa5)
0xb58017ce is located 14 bytes inside of 55-byte region [0xb58017c0,0xb58017f7)
allocated by thread T0 here:
#0 0xb618c854 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16854)
#1 0x8049962 in main /home/b/asan/libplist/tools/plistutil.c:143
#2 0xb5fc4a82 (/lib/i386-linux-gnu/libc.so.6+0x19a82)
SUMMARY: AddressSanitizer: memcpy-param-overlap ??:0 ??
poc.txt

nikias added a commit that referenced this issue Feb 7, 2017

bplist: Make sure to bail out if malloc() fails in parse_string_node()
Credit to Wang Junjie <zhunkibatu@gmail.com> (#93)
@nikias

This comment has been minimized.

Show comment
Hide comment
@nikias

nikias Feb 7, 2017

Member

Fixed with commit fbd8494.

Member

nikias commented Feb 7, 2017

Fixed with commit fbd8494.

@nikias nikias closed this Feb 7, 2017

@carnil

This comment has been minimized.

Show comment
Hide comment
@carnil

carnil Mar 16, 2017

This is CVE-2017-6435

carnil commented Mar 16, 2017

This is CVE-2017-6435

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment