heap buffer overflow in OpCode (via decompileSETMEMBER) #82
Calling
However calling This issue is not only present in There are two obvious solutions to me:
I'd rather go for 2). Such a patch would probably fix #81 and #79 (and maybe many, many other issues) at the same time. By the way, this vulnerability was assigned ID CVE-2017-11728.
|
I'm for option 2 too!
Maybe consider also printing a warning in that case?
|
Hum, yes we could print a warning, but rather for debug purposes? I'm not sure it would be interesting information for end users. I'll submit another PR after #88 is merged.
|
Hum, looks like there's another problem. In This is fine as long as
I'd suggest adding a check in |
|
On Tue, Oct 03, 2017 at 01:52:46AM -0700, Hugo Lefeuvre wrote:
> I'd suggest adding a check in `readBytes`, so that `size < 0` produces the same result as `size = 0`.
You're probably the one knowing more about that code by now,
so I trust you to do the right thing here.
There are a few tests for decompiling, so as long as those
pass I'm ok.
|
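The check proposed in this thread, sketched as an added example (not libming's code and not written by any participant): a reader that takes a signed `size` treats `size < 0` exactly like `size = 0` instead of letting the negative value convert to a huge `size_t`, and it also refuses sizes beyond the remaining input. The `cursor` struct, `read_bytes_checked`, `probe` and the sample bytes are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory cursor, an assumption of this example. */
struct cursor { const unsigned char *data; size_t len, pos; };

/* Returns 0 on success (an empty read included), -1 on short input or OOM.
 * size stays signed because it may be the result of a subtraction. */
static int read_bytes_checked(struct cursor *c, int size,
                              unsigned char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (size <= 0)                        /* size < 0 behaves like size == 0 */
        return 0;
    if ((size_t)size > c->len - c->pos)   /* never read past the input */
        return -1;
    *out = malloc((size_t)size);
    if (*out == NULL)
        return -1;
    memcpy(*out, c->data + c->pos, (size_t)size);
    c->pos += (size_t)size;
    *out_len = (size_t)size;
    return 0;
}

/* Constructed sample: read `size` bytes from a 4-byte record body.
 * Returns the number of bytes copied, or -1 if the read was refused. */
static long probe(int size)
{
    static const unsigned char body[] = { 0x4f, 0x00, 0x96, 0x02 };
    struct cursor c = { body, sizeof body, 0 };
    unsigned char *buf;
    size_t n;
    if (read_bytes_checked(&c, size, &buf, &n) != 0)
        return -1;
    free(buf);
    return (long)n;
}

int main(void)
{
    /* constructed case: declared length 4 minus 6 consumed bytes gives -2 */
    int sizes[] = { 4 - 6, 0, 3, 100 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("size=%d -> %ld\n", sizes[i], probe(sizes[i]));
    return 0;
}
```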
On the latest version of libming, a heap buffer overflow was found in function OpCode.
testcase: https://github.com/bestshow/p0cs/blob/master/heap-buffer-overflow-in_OpCode_by_decompileSETMEMBER
Credit: ADLab of Venustech