Double Free Vulnerability #123
Comments
Gravity Double Free Vulnerability (4/7/2017)

Thanks @blindfuzzy and @tylerp96, this is a very good catch.
Issue remains after fix same crash file against the latest Gravity as of 20mins ago:
Would you like the coredump @marcobambini? This should remain open until it is resolved 100%.
@blindfuzzy I just retested your example again and everything worked as expected for me.
@marcobambini this is the test case that is still causing the double free to occur. Is there any way I can send you the coredump?
@blindfuzzy don't you receive a "RUNTIME ERROR: Unable to bind method to a Gravity core class." error?
@marcobambini this is the error after running both with and without ASAN: "RUNTIME ERROR: Unable to find f2 into class foo". Here is the backtrace of the last crash:
@blindfuzzy I don't think you are running the latest version; there should be a "RUNTIME ERROR: Unable to bind method to a Gravity core class." first.
@marcobambini very strange, there must have been a delay between the commit and it propagating through to my git clone. I nuked what I had and re-made everything, and the issue is resolved now.
Tested against the latest updates and the issue still remains. @marcobambini
I found a Double Free vulnerability while fuzzing Gravity. I have attached the Valgrind output as well. If the crash and/or core dump file is needed let me know and I will get those to you as well.
Gravity_valgrind.txt
ASAN output:
POC thanks to @tylerp96: