Fix memory corruption crash #1823
(force-pushed from d71cf84 to f7b8bb6)
Thanks for the PR!
I agree with the changes, but I don't see a potential double free here.
The issue we're seeing is an out-of-bounds access of the data returned by gpgme_data_release_and_get_mem(). The call only allocates len bytes, but profanity is accessing len+1 bytes.
Didn't we already have a similar issue in the same part of the code not long ago? Maybe those parts should be reviewed!?
Please update the commit message, PR title & description accordingly.
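The off-by-one the reviewer describes, shown as an added example (not profanity's or gpgme's code): a hypothetical fake_release_and_get_mem() stands in for gpgme_data_release_and_get_mem() and returns a heap block of exactly len bytes with no terminating NUL, as the review says the real call does. Writing plain_str[len] = '\0' on such a block lands one byte past the allocation, which on glibc typically lands in the next chunk's header; glibc's malloc reports that kind of metadata damage with messages such as "double free or corruption", which is why a single-byte overflow can be reported under that name without any double free taking place. The canary function shows where the write lands, and copy_and_terminate() shows the safe pattern of copying into a len+1 buffer. The sample payload is constructed; with the real library the source block is released with gpgme_free(), not free().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Stand-in for gpgme_data_release_and_get_mem(): hands back a heap block of
 * exactly *r_len bytes with NO terminating NUL. This is a hypothetical
 * replacement written for the example, not gpgme's code.
 */
static char *fake_release_and_get_mem(const char *payload, size_t *r_len)
{
    size_t len = strlen(payload);
    char *buf = malloc(len ? len : 1);      /* len bytes, no room for a NUL */
    if (buf == NULL)
        return NULL;
    memcpy(buf, payload, len);
    *r_len = len;
    return buf;
}

/* The pattern the review objects to: write a NUL at plain_str[len].
 * On a block of len bytes, index len is outside the allocation. */
static void terminate_in_place_unsafe(char *plain_str, size_t len)
{
    plain_str[len] = '\0';
}

/* Show where the unsafe write lands: hand it a len+1 block whose last byte
 * holds a canary. Inside this larger block the write is defined behaviour,
 * and it visibly clobbers the byte one past the data; on a real len-byte
 * gpgme block that byte belongs to the next heap chunk.
 * Returns 1 if the canary was overwritten, -1 on allocation failure. */
static int unsafe_write_clobbers_next_byte(const char *payload)
{
    size_t len = strlen(payload);
    char *block = malloc(len + 1);
    if (block == NULL)
        return -1;
    memcpy(block, payload, len);
    block[len] = (char)0xAA;                /* canary in the "next" byte */
    terminate_in_place_unsafe(block, len);  /* writes block[len] */
    int clobbered = (block[len] != (char)0xAA);
    free(block);
    return clobbered;
}

/* Fixed pattern: copy the len bytes into a fresh len+1 buffer and terminate
 * the copy; the source block is never written to. */
static char *copy_and_terminate(const char *plain_str, size_t len)
{
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, plain_str, len);
    out[len] = '\0';
    return out;
}

/* End-to-end: obtain the unterminated buffer, build a C string safely,
 * release the source block (gpgme_free() with the real library). */
static char *decrypt_to_cstring(const char *payload)
{
    size_t len = 0;
    char *plain = fake_release_and_get_mem(payload, &len);
    if (plain == NULL)
        return NULL;
    char *str = copy_and_terminate(plain, len);
    free(plain);                            /* stand-in used malloc, so free() */
    return str;
}

int main(void)
{
    const char *payload = "constructed plaintext";   /* constructed sample input */
    printf("canary clobbered by in-place NUL: %d\n",
           unsafe_write_clobbers_next_byte(payload));
    char *s = decrypt_to_cstring(payload);
    if (s == NULL)
        return 1;
    printf("safe copy: \"%s\" (%zu bytes)\n", s, strlen(s));
    free(s);
    return 0;
}
```

Running it under AddressSanitizer with terminate_in_place_unsafe() applied directly to the len-byte block from fake_release_and_get_mem() reports a heap-buffer-overflow of one byte, which is the defect behind the "double free or corruption" abort the PR fixes.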
Thank you for the review. In fact, there was a consistent crash caused by some payload, which glib claimed to be "double free or corruption". I don't see a double free here as well, so probably it's a false positive or rather a "memory corruption" issue, which breaks the execution anyway. I renamed it to "memory corruption". Line from
(force-pushed from f7b8bb6 to fb4a73f)
Please also reword the commit message. GH is ephemeral; the Git history will most likely survive this service.
I thought that I did, probably messed it up at some stage :) Fixed, thanks.
(force-pushed from fb4a73f to 4c3ac5e)
Mmhh, now we have a merge commit in there. Can you just rebase on master instead?
Under certain circumstances, setting plain_str[len] to 0 might lead to a crash, and it does not follow best practices either. This change allows better handling of buffer copying and prevents the crash.
In the OX implementation gpgme's buffer remains untouched, so it does not lead to the crash. But the code can be shorter and more concise.
(force-pushed from 973b500 to 899b26b)
Thanks!
Read the commit messages. For the crash payload, contact me.