SciresM / hactool

hactool is a tool to view information about, decrypt, and extract common file formats for the Nintendo Switch, especially Nintendo Content Archives.
ISC License

save_remap_init_segments buffer overflow #91

Open comex opened 4 years ago

comex commented 4 years ago
==19624==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000b00 at pc 0x0001000020d3 bp 0x7ffeefbc6960 sp 0x7ffeefbc6958
READ of size 8 at 0x606000000b00 thread T0
    #0 0x1000020d2 in save_remap_init_segments save.c:91
    #1 0x100007f90 in save_process save.c:640
    #2 0x1000aae50 in main main.c:731

The logic in this function doesn't really make sense. It repeatedly sets seg->entries to newly allocated buffers of size sizeof(remap_entry_ctx_t) (i.e. only one element), then at the end tries to use it like an array (seg->entries[seg->entry_count - 1]).
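A reduced C illustration of the allocation pattern comex describes, beside a corrected form, added here as an example; it is not hactool's code, and the struct fields, function names and the 4-entry table are constructed stand-ins:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
/* Reduced, hypothetical stand-ins for the remap types (not hactool's real definitions). */
typedef struct { uint64_t virtual_offset; uint64_t physical_offset; uint64_t size; } remap_entry_ctx_t;
typedef struct { remap_entry_ctx_t *entries; uint32_t entry_count; } remap_segment_ctx_t;

/* Pattern the issue describes: each iteration allocates room for ONE entry and overwrites
 * seg->entries, so the final index reads past the allocation when n > 1. Never called here. */
int init_segment_buggy(remap_segment_ctx_t *seg, const remap_entry_ctx_t *table, uint32_t n) {
    seg->entry_count = 0;
    for (uint32_t i = 0; i < n; i++) {
        seg->entries = malloc(sizeof(remap_entry_ctx_t)); /* one element, not n; old buffer leaks */
        seg->entries[0] = table[i];
        seg->entry_count++;
    }
    return (int)seg->entries[seg->entry_count - 1].size; /* heap-buffer-overflow read */
}

/* Corrected shape: size the array once from the count, copy every entry, handle n == 0. */
int init_segment_fixed(remap_segment_ctx_t *seg, const remap_entry_ctx_t *table, uint32_t n) {
    seg->entries = NULL;
    seg->entry_count = 0;
    if (n == 0) return 0;
    seg->entries = calloc(n, sizeof(remap_entry_ctx_t));
    if (seg->entries == NULL) return -1;
    memcpy(seg->entries, table, n * sizeof(remap_entry_ctx_t));
    seg->entry_count = n;
    return 0;
}

/* Builds a constructed 4-entry table, initialises a segment with the fixed routine and returns
 * the size of the last entry (the access that overflowed in the buggy form), or 0 on a bad count. */
uint64_t demo_fixed(void) {
    const remap_entry_ctx_t table[4] = {
        {0x0000, 0x10000, 0x1000}, {0x1000, 0x20000, 0x2000},
        {0x3000, 0x30000, 0x0800}, {0x3800, 0x40000, 0x3000},
    };
    remap_segment_ctx_t seg;
    if (init_segment_fixed(&seg, table, 4) != 0 || seg.entry_count != 4) return 0;
    uint64_t last = seg.entries[seg.entry_count - 1].size;
    free(seg.entries);
    return last;
}

int main(void) {
    printf("last entry size: 0x%llx\n", (unsigned long long)demo_fixed());
    return 0;
}
```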

shchmue commented 4 years ago

I'm not at a computer, but yeah, I did push a fix for remap: https://github.com/SciresM/hactool/pull/88

SciresM commented 4 years ago

Oh, nice, thanks! Tagging @shchmue -- I have no idea how the save code in here works, heh.

SciresM commented 4 years ago

...Is that a PR awaiting my review for like six months?

Geez, okay, I'll get that sorted.

shchmue commented 4 years ago

No, the oldest commit was that long ago; the PR is recent.