Closed jlitewski closed 1 month ago
Depends on what the data stored in that pointer does in that particular code path.
If it's not used, free is OK to call on it since it's a local pointer.
@iceman1001 ... this does appear to be a memory corruption.
Here's one codepath:
- `edata` is declared at line 546.
- `edata` stores an allocation from `BigBuf_malloc()` at line 580.
- `break` at line 598 exits only the inner switch statement of lines 566-631.
- `edata` is then passed to `free()`, even though it was not allocated by `alloc()`.

@jlitewski -- Looks to me like you found a memory corruption bug caused by a mismatched allocator / deallocator.
Nice catch!
It's even worse: since we don't use any malloc/calloc, but a bigbuffer alloc, we never should use a call to free.
It's a bug.
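As an added illustration of the code path and the "never call free on it" point above (not code from the proxmark3 repository): a stand-in bump allocator in the style of the `BigBuf_malloc()` named in the thread, with a release helper that detects an arena pointer before it reaches `free()`. The allocator name, arena size and the `checked_free`/`bigbuf_owns` helpers are assumptions for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bump allocator over a static buffer, modelled on the
   idea of a firmware "big buffer" allocator; not the project's code. */
#define BIGBUF_SIZE 1024
static uint8_t bigbuf[BIGBUF_SIZE];
static size_t bigbuf_used = 0;

void *bigbuf_malloc(size_t n) {
    n = (n + 3) & ~(size_t)3;              /* keep 4-byte alignment */
    if (n > BIGBUF_SIZE - bigbuf_used) return NULL;
    void *p = bigbuf + bigbuf_used;
    bigbuf_used += n;
    return p;
}

/* Arena memory is reclaimed by the arena as a whole, never by free(). */
void bigbuf_reset(void) { bigbuf_used = 0; }

/* True iff p points into the bump arena. */
bool bigbuf_owns(const void *p) {
    const uint8_t *c = (const uint8_t *)p;
    return c >= bigbuf && c < bigbuf + BIGBUF_SIZE;
}

/* Release helper: 0 on success (heap pointer or NULL freed),
   -1 when the pointer belongs to the arena and must not hit free(). */
int checked_free(void *p) {
    if (p == NULL) return 0;
    if (bigbuf_owns(p)) return -1;
    free(p);
    return 0;
}

/* Mirrors the reported path: an arena buffer survives past the inner
   'break' and reaches a free() call; the check catches it. */
int buggy_cleanup_path(void) {
    uint8_t *edata = bigbuf_malloc(64);
    memset(edata, 0, 64);
    return checked_free(edata);            /* -1: mismatch detected */
}

/* Correct path: hand the buffer back to the arena instead. */
int correct_cleanup_path(void) {
    uint8_t *edata = bigbuf_malloc(64);
    memset(edata, 0, 64);
    bigbuf_reset();
    return 0;
}
```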
Now I'm not a smart man, but this could possibly cause problems, correct? Seems to have been here for about 4 years now.
https://github.com/RfidResearchGroup/proxmark3/blame/2bc7c5030234e43a1436d98bb7f5fec34802f29c/armsrc/desfire_crypto.c#L633