heap buffer overflow in decompileIF #76
Hello,
This is problematic because (Also, it even looks like I don't know the codebase very well, but is there any reason why ming would process a block with If not, adding a check to avoid processing these blocks would probably be a conceivable solution. By the way, this issue was assigned ID CVE-2017-11704.

I don't think there's a reason, no. Please send a pull request adding
the check.

I'm working on it, but the following patch is not sufficient. Another issue follows A long block is detected, so length is updated at Also, length (

Well, here is the problem:
However, changing the type of
For example in our case the fourth call of

I think this issue can be closed now

Closed via #88

On libming latest version, a heap buffer overflow was found in function decompileIF.
testcase : https://github.com/bestshow/p0cs/blob/master/heap-buffer-overflow-in_decompileIF
Credit : ADLab of Venustech