heap-use-after-free in decompileIF #105
Comments
Yes, I could reproduce this issue on a fresh master branch. I'll investigate the issue and request a CVE id if needed. Thanks.
Hello, there are other open issues in the project (e.g. memory leak / Bug number). Are these problems resolved? Thanks.
If you are speaking about #71, #72, #73 and #74, no, they are not fixed yet (I did not even try to reproduce all of them, that's why they didn't necessarily get a CVE number assigned) and I am probably not going to work on these issues in the next weeks. Feel free to PR. ;) #104 and the other issues in listfdb are currently being worked on. #102 is a duplicate and should be closed soon.
FTR, this issue was assigned id CVE-2018-6359.
The decompileIF function in util/decompile.c accesses the actions array without checking the validity of n, the user-entered index. This leads to heap-use-after-free issues when n is zero. This commit addresses this issue by using the OpCode function, which does check input arguments. This commit fixes libming#105 (CVE-2018-6359).
Instead of directly accessing the actions array without checks for the value of n (which may lead to heap buffer overflow etc., see libming#83 or libming#105), use the dedicated OpCode function.
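The fix pattern described in the commit messages above (route every look-up through a function that validates the index), as an added example that is not libming's code. The struct, sentinel, opcode value and function names are hypothetical and chosen for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified action record; not libming's real type. */
struct action { int code; };

#define OPCODE_INVALID (-1)  /* sentinel chosen for this example */
#define OP_JUMP 0x99         /* sample opcode value for this example */

/* "Before" pattern: look back one record with no check on n.
 * With n == 0 this reads actions[-1], memory the array does not own. */
static int prev_opcode_unchecked(const struct action *actions, int n)
{
    return actions[n - 1].code;
}

/* Checked accessor: any index derived from input goes through here. */
static int checked_opcode(const struct action *actions, int idx, int count)
{
    if (actions == NULL || idx < 0 || idx >= count)
        return OPCODE_INVALID;
    return actions[idx].code;
}

/* "After" pattern: the look-back uses the checked accessor, so n == 0
 * yields the sentinel instead of an out-of-bounds read. */
static int prev_is_jump(const struct action *actions, int n, int count)
{
    return checked_opcode(actions, n - 1, count) == OP_JUMP;
}

int main(void)
{
    /* Constructed sample input: two records. */
    struct action a[2] = { { OP_JUMP }, { 0x07 } };

    printf("n=1 unchecked: 0x%x\n", prev_opcode_unchecked(a, 1));
    printf("n=1 checked:   %d\n", prev_is_jump(a, 1, 2));
    printf("n=0 checked:   %d\n", prev_is_jump(a, 0, 2));
    return 0;
}
```

Building with `-fsanitize=address`, as the report does, is the quickest way to confirm that no caller still uses the unchecked form.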
Hello.
I found a heap-use-after-free bug in libming.
Please confirm.
Thanks.
Summary: heap-use-after-free
OS: CentOS 7 64bit
Version: 3120f1c
PoC Download: free_decompileIF.zip
Steps to reproduce:
1. Download the .POC files.
2. Compile the source code with ASan.
3. Execute the following command: ./swftocxx $POC /dev/null
=================
[Acknowledgement]
This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]