Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Memory allocation error #94

Closed
zhunki opened this issue Feb 8, 2017 · 4 comments
Closed

Memory allocation error #94

zhunki opened this issue Feb 8, 2017 · 4 comments

Comments

@zhunki
Copy link
Contributor

zhunki commented Feb 8, 2017

    ERROR: AddressSanitizer failed to allocate 0xa4063000 (-1543098368) bytes of LargeMmapAllocator: Cannot allocate memory

    #0 0xb61ec4b2 (/usr/lib/i386-linux-gnu/libasan.so.0+0x124b2)
    #1 0xb61f50dc (/usr/lib/i386-linux-gnu/libasan.so.0+0x1b0dc)
    #2 0xb61f8093 (/usr/lib/i386-linux-gnu/libasan.so.0+0x1e093)
    #3 0xb61e22ed (/usr/lib/i386-linux-gnu/libasan.so.0+0x82ed)
    #4 0xb61f088b (/usr/lib/i386-linux-gnu/libasan.so.0+0x1688b)
    #5 0x8063b7c in parse_string_node /home/b/asan/libplist/src/bplist.c:292
    #6 0x8063b7c in parse_bin_node /home/b/asan/libplist/src/bplist.c:668
    #7 0x8063b7c in parse_bin_node_at_index /home/b/asan/libplist/src/bplist.c:755
    #8 0x80632a0 in parse_dict_node /home/b/asan/libplist/src/bplist.c:461
    #9 0x80632a0 in parse_bin_node /home/b/asan/libplist/src/bplist.c:697
    #10 0x80632a0 in parse_bin_node_at_index /home/b/asan/libplist/src/bplist.c:755
    #11 0x8068b30 in plist_from_bin /home/b/asan/libplist/src/bplist.c:844
    #12 0x804a175 in main /home/b/asan/libplist/tools/plistutil.c:150
    #13 0xb6028a82 (/lib/i386-linux-gnu/libc.so.6+0x19a82)
    #14 0x804aef5 in _start (/home/b/asan/libplist/tools/plistutil+0x804aef5)

poc:
min.txt

@nikias
Copy link
Member

nikias commented Feb 15, 2017

This has been fixed by checking if the range of the string data is inside correct range, commit 32ee521.

@nikias nikias closed this as completed Feb 15, 2017
@zhunki
Copy link
Contributor Author

zhunki commented Feb 16, 2017

sure. seems I run a old version.

@nikias
Copy link
Member

nikias commented Feb 16, 2017

Well, I got a similar report via google's OSS-Fuzz which led to a fix before I looked at this ticket :)

@carnil
Copy link

carnil commented Mar 16, 2017

This is CVE-2017-6436

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants