New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory corruption bug #93

zhunki opened this Issue Feb 7, 2017 · 2 comments


None yet
3 participants

zhunki commented Feb 7, 2017

I found a memory corruption bug.
the stack trace is as shown below:
==3249== WARNING: AddressSanitizer failed to allocate 0xfff50001 bytes

==3249== ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x00000000,0xfff50000) and [0xb58017ce, 0xb57517ce) overlap
#0 0xb6183b9a (/usr/lib/i386-linux-gnu/
#1 0x8063d5f in parse_string_node /home/b/asan/libplist/src/bplist.c:292
#2 0x8063d5f in parse_bin_node /home/b/asan/libplist/src/bplist.c:646
#3 0x8063d5f in parse_bin_node_at_index /home/b/asan/libplist/src/bplist.c:733
#4 0x8068eb4 in plist_from_bin /home/b/asan/libplist/src/bplist.c:822
#5 0x804a354 in main /home/b/asan/libplist/tools/plistutil.c:150
#6 0xb5fc4a82 (/lib/i386-linux-gnu/
#7 0x804afa5 in _start (/home/b/asan/libplist/tools/plistutil+0x804afa5)
0xb58017ce is located 14 bytes inside of 55-byte region [0xb58017c0,0xb58017f7)
allocated by thread T0 here:
#0 0xb618c854 (/usr/lib/i386-linux-gnu/
#1 0x8049962 in main /home/b/asan/libplist/tools/plistutil.c:143
#2 0xb5fc4a82 (/lib/i386-linux-gnu/
SUMMARY: AddressSanitizer: memcpy-param-overlap ??:0 ??

nikias added a commit that referenced this issue Feb 7, 2017

bplist: Make sure to bail out if malloc() fails in parse_string_node()
Credit to Wang Junjie <> (#93)

This comment has been minimized.

Show comment
Hide comment

nikias Feb 7, 2017


Fixed with commit fbd8494.


nikias commented Feb 7, 2017

Fixed with commit fbd8494.

@nikias nikias closed this Feb 7, 2017


This comment has been minimized.

Show comment
Hide comment

carnil Mar 16, 2017

This is CVE-2017-6435

carnil commented Mar 16, 2017

This is CVE-2017-6435

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment