heap buffer overflow in decompileIF #76
On the latest libming version, a heap buffer overflow was found in the function decompileIF.
testcase : https://github.com/bestshow/p0cs/blob/master/heap-buffer-overflow-in_decompileIF
This is problematic because
(Also, it even looks like
I don't know the codebase very well, but is there any reason why ming would process a block with
If not, adding a check to avoid processing these blocks would probably be a conceivable solution.
By the way, this issue was assigned ID CVE-2017-11704.
I'm working on it, but the following patch is not sufficient.
Another issue follows
A long block is detected, so length is updated at
Also, length (
Well, here is the problem:
However, changing the type of
For example in our case the fourth call of