Null pointer dereference vulnerability in newVar3 (util/decompile.c:517) #118
Comments
Reproducible on latest master, I'll work on a patch.

Hum, here However the code is developed such that I propose the following fix: If the variable contains an invalid string, act like in the I'll submit this patch in the next PR.
getString (indirectly called by getName) is passed a variable of non standard type 10 (= "PUSH_VARIABLE"), which seems to return the string contained in passed variable, without quotes. If contained string is NULL, a NULL pointer is returned, which later causes NULL pointer dereference. In this patch we address this issue such that if the variable contains an invalid string, we act just like in the PUSH_STRING case. Otherwise a copy of the string is returned. Fixes: libming#118 (CVE-2018-7866).
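The NULL-return pattern the commit message describes, shown before and after the fix as an added example; it is a simplified model and not libming's own code. The struct, the function names, the `"unk"` placeholder and the omission of PUSH_STRING quoting are assumptions of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not libming's real types: a tagged push parameter. */
enum { PUSH_STRING = 0, PUSH_VARIABLE = 10 };  /* 10 is the type named in the commit message */
struct push_param { int type; const char *str; };

/* Shared invalid-string path; the "unk" placeholder is an assumption of this sketch. */
static char *invalid_string(void) {
    char *t = malloc(4);
    if (t) strcpy(t, "unk");
    return t;
}

/* Before: the PUSH_VARIABLE case hands back the stored pointer unchecked. */
const char *get_string_before(const struct push_param *p) {
    if (p->type == PUSH_VARIABLE)
        return p->str;                 /* a NULL here reaches the caller */
    return p->str ? p->str : "unk";
}

/* After: NULL takes the same path as an invalid PUSH_STRING, else a copy is returned. */
char *get_string_after(const struct push_param *p) {
    if (p->str == NULL)
        return invalid_string();
    size_t n = strlen(p->str) + 1;
    char *t = malloc(n);
    if (t) memcpy(t, p->str, n);
    return t;
}

/* Hypothetical caller standing in for newVar3: it measures the name,
   so a NULL name would be dereferenced inside strlen. */
size_t var_decl_length(const char *name) {
    return strlen("var ") + strlen(name);
}

int main(void) {
    struct push_param bad = { PUSH_VARIABLE, NULL };  /* constructed input */
    struct push_param ok  = { PUSH_VARIABLE, "x" };   /* constructed input */
    char *a = get_string_after(&bad), *b = get_string_after(&ok);
    if (!a || !b) return 1;
    printf("after:  %zu %zu\n", var_decl_length(a), var_decl_length(b));
    printf("before returns NULL: %d\n", get_string_before(&bad) == NULL);
    free(a); free(b);
    return 0;
}
```

Because the fixed path returns an owned copy in every case, the caller can free the result unconditionally.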
Hi, I found a null pointer dereference bug in libming 0.4.8. It crashed in function newVar3. The details are below (ASAN):
POC FILE: https://github.com/fantasy7082/image_test/blob/master/010-NULL-ptr-swf