RfidResearchGroup / proxmark3

Iceman Fork - Proxmark3
http://www.icedev.se
GNU General Public License v3.0

Use of free() in armsrc/desfire_crypto.c #2384

Closed jlitewski closed 1 month ago

jlitewski commented 1 month ago

Now I'm not a smart man, but this could possibly cause problems, correct? Seems to have been here for about 4 years now.

https://github.com/RfidResearchGroup/proxmark3/blame/2bc7c5030234e43a1436d98bb7f5fec34802f29c/armsrc/desfire_crypto.c#L633

iceman1001 commented 1 month ago

Depends on what the data stored in that pointer does in that particular code path.
If it's not used, free is ok to call onto it since it's a local pointer.

henrygab commented 1 month ago

@iceman1001 ... this does appear to be a memory corruption.

Here's one codepath:

@jlitewski -- Looks to me like you found a memory corruption bug caused by a mismatched allocator / deallocator.

Nice catch!

iceman1001 commented 1 month ago

It's even worse, since we don't use any malloc/calloc, but a bigbuffer alloc, we never should use a call to free.
It's a bug.
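The allocator/deallocator mismatch discussed in this thread, shown as an added example that is not part of the thread or of the Proxmark3 code base: a constructed static-buffer bump allocator hands out interior pointers that the heap never issued, so `free()` must never see them. Every name below (`arena_alloc`, `arena_reset`, `arena_owns`, `checked_release`) is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for a firmware-style static buffer allocator.
 * All names are hypothetical; this is not Proxmark3's API. */
#define ARENA_SIZE 1024u
static uint8_t arena[ARENA_SIZE];
static size_t arena_used = 0;

/* Bump allocation: returns an interior pointer into the static array. */
void *arena_alloc(size_t n) {
    if (n == 0 || n > ARENA_SIZE) return NULL;
    n = (n + 3u) & ~(size_t)3u;          /* round size up to a multiple of 4 */
    if (n > ARENA_SIZE - arena_used) return NULL;
    void *p = &arena[arena_used];
    arena_used += n;
    return p;
}

/* The only valid release for arena memory: reset the whole arena. */
void arena_reset(void) { arena_used = 0; }

/* True if p points into the arena's storage. */
int arena_owns(const void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)arena;
    return a >= lo && a < lo + ARENA_SIZE;
}

typedef enum { REL_NULL, REL_HEAP_FREED, REL_ARENA_REJECTED } rel_result;

/* Guarded release: free() is reached only for pointers the arena
 * does not own. Passing an arena pointer to free() is undefined
 * behaviour, because the heap allocator never issued it. */
rel_result checked_release(void *p) {
    if (p == NULL) return REL_NULL;
    if (arena_owns(p)) return REL_ARENA_REJECTED;
    free(p);
    return REL_HEAP_FREED;
}

int main(void) {
    void *buf = arena_alloc(64);         /* arena-backed, like a local work buffer */
    rel_result r = checked_release(buf); /* rejected instead of corrupting the heap */
    arena_reset();
    return r == REL_ARENA_REJECTED ? 0 : 1;
}
```
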