New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid memory address dereference in decompileSingleArgBuiltInFunctionCall and getString (in util/decompile.c:349) #123
Comments
|
Duplicate of #112. Same issue, different path. |
hlef
added a commit
to hlef/libming
that referenced
this issue
Mar 12, 2018
Constants are usually retrieved from the constant pool without verifying that the pool actually contains them, which may lead to various heap buffer overflow issues. In this patch we add a counter keeping track of how many elements the pool contains, and checks making sure that whenever the pool is accessed, the constant in present in the pool (constant position < pool counter). This patch fixes libming#112 (CVE-2018-7875), fixes libming#123, fixes libming#122.
hlef
added a commit
to hlef/libming
that referenced
this issue
Mar 12, 2018
Constants are usually retrieved from the constant pool without verifying that the pool actually contains them, which may lead to various heap buffer overflow issues. In this patch we add a counter keeping track of how many elements the pool contains, and checks making sure that whenever the pool is accessed, the constant in present in the pool (constant position < pool counter). This patch fixes libming#112 (CVE-2018-7875), fixes libming#123, fixes libming#122.
hlef
added a commit
to hlef/libming
that referenced
this issue
Mar 12, 2018
Constants are usually retrieved from the constant pool without verifying that the pool actually contains them, which may lead to various heap buffer overflow issues. In this patch we add a counter keeping track of how many elements the pool contains, and checks making sure that whenever the pool is accessed, the constant in present in the pool (constant position < pool counter). This patch fixes libming#112 (CVE-2018-7875), libming#120 (CVE-2018-7871), fixes libming#123, fixes libming#122.
This was referenced Mar 12, 2018
hlef
added a commit
to hlef/libming
that referenced
this issue
Mar 12, 2018
Constants are usually retrieved from the constant pool without verifying that the pool actually contains them, which may lead to various heap buffer overflow issues. In this patch we add a counter keeping track of how many elements the pool contains, and checks making sure that whenever the pool is accessed, the constant in present in the pool (constant position < pool counter). Also, do not return "" when a pointer is excepted (it should be legal to free this return value). This patch fixes libming#112 (CVE-2018-7875), fixes libming#120 (CVE-2018-7871), fixes libming#117 (CVE-2018-7870), fixes libming#122, fixes libming#123.
hlef
added a commit
to hlef/libming
that referenced
this issue
Mar 12, 2018
Constants are usually retrieved from the constant pool without verifying that the pool actually contains them, which may lead to various heap buffer overflow issues. In this patch we add a counter keeping track of how many elements the pool contains, and checks making sure that whenever the pool is accessed, the constant in present in the pool (constant position < pool counter). Also, do not return "" when a pointer is excepted (it should be legal to free this return value). This patch fixes libming#112 (CVE-2018-7875), fixes libming#120 (CVE-2018-7871), fixes libming#117 (CVE-2018-7870), fixes libming#122, fixes libming#123.
hlef
added a commit
to hlef/libming
that referenced
this issue
Mar 12, 2018
Constants are usually retrieved from the constant pool without verifying that the pool actually contains them, which may lead to various heap buffer overflow issues. In this patch we add a counter keeping track of how many elements the pool contains, and checks making sure that whenever the pool is accessed, the constant in present in the pool (constant position < pool counter). Also, do not return "" when a pointer is excepted (it should be legal to free this return value). This patch fixes libming#112 (CVE-2018-7875), fixes libming#120 (CVE-2018-7871), fixes libming#117 (CVE-2018-7870), fixes libming#114 (CVE-2018-7872), fixes libming#122, fixes libming#123.
hlef
added a commit
to hlef/libming
that referenced
this issue
Mar 12, 2018
Constants are usually retrieved from the constant pool without verifying that the pool actually contains them, which may lead to various heap buffer overflow issues. In this patch we add a counter keeping track of how many elements the pool contains, and checks making sure that whenever the pool is accessed, the constant in present in the pool (constant position < pool counter). Also, do not return "" when a pointer is excepted (it should be legal to free this return value). This patch fixes libming#112 (CVE-2018-7875), fixes libming#120 (CVE-2018-7871), fixes libming#117 (CVE-2018-7870), fixes libming#114 (CVE-2018-7872), fixes libming#122, fixes libming#113 (CVE-2018-7868), fixes libming#123.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, i found a issue in the libming 0.4.8. It's similar to #112,
but it is crashed by function decompileSingleArgBuiltInFunctionCall to getString .It just cause a Invalid memory address dereference.the details are below(ASAN):
POC FILE:https://github.com/fantasy7082/image_test/blob/master/015-unknown-def-swf-349
The text was updated successfully, but these errors were encountered: