Lack of Validation Check for r_asm_pseudo_incbin at libr/asm/asm.c #15545
Work environment
Expected behavior
Actual behavior
$ r2 malloc://1024
[0x00000000]> /a .incbin NoExistFile 0 0
Segmentation fault
Steps to reproduce the behavior
Additional Logs, screenshots, source-code, configuration dump, ...
At libr/asm/asm.c, the lack of a validation check on the variable content will cause a crash and an arbitrary read via crafted input.
Below is the vulnerable code.
If r_file_slurp tries to open an invalid file, content will be NULL. Later, because skip is the input number, r_buf_new_with_string (content + skip) will cause a crash, or an arbitrary write via crafted input.
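The validation the report asks for, as an added example that is not radare2's code or its eventual fix: the file read is checked for NULL before any pointer arithmetic, and skip and count are bounded by the file length. The names slurp, incbin_checked and write_sample are hypothetical, and treating a count of 0 as "to end of file" is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical slurp helper: returns NULL (not an empty buffer) on any failure. */
static char *slurp(const char *path, size_t *len) {
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    char *buf = NULL; long n = -1;
    if (fseek(f, 0, SEEK_END) == 0 && (n = ftell(f)) >= 0 && fseek(f, 0, SEEK_SET) == 0)
        buf = malloc((size_t)n + 1);
    if (buf && fread(buf, 1, (size_t)n, f) != (size_t)n) { free(buf); buf = NULL; }
    fclose(f);
    if (buf) { buf[n] = '\0'; *len = (size_t)n; }
    return buf;
}

/* Returns bytes copied into out, or -1 if the file is missing or skip/count are invalid. */
long incbin_checked(const char *path, long skip, long count, char *out, size_t cap) {
    size_t len = 0;
    char *content = slurp(path, &len);
    if (!content) return -1;                 /* reject before forming content + skip */
    long ret = -1;
    if (skip >= 0 && count >= 0 && (size_t)skip <= len) {
        size_t avail = len - (size_t)skip;   /* cannot underflow: skip <= len */
        size_t want = (count == 0 || (size_t)count > avail) ? avail : (size_t)count;
        if (want <= cap) {                   /* never write past the caller's buffer */
            memcpy(out, content + skip, want);
            ret = (long)want;
        }
    }
    free(content);
    return ret;
}

/* Writes a constructed 8-byte sample file ("ABCDEFGH"); returns 0 on success. */
int write_sample(const char *path) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int ok = fwrite("ABCDEFGH", 1, 8, f) == 8;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

int main(void) {
    char out[16];
    if (write_sample("sample.bin") != 0) return 1;
    printf("slice=%ld\n", incbin_checked("sample.bin", 2, 3, out, sizeof out));
    printf("missing=%ld\n", incbin_checked("NoExistFile", 0, 0, out, sizeof out));
    return remove("sample.bin");
}
```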