Melee GCI Compiler is an application and scripting language that makes it easy for Super Smash Bros. Melee mod developers to inject custom code and data into Melee save files.
Mozilla Public License 2.0. 34 stars, 9 forks.
Ironic second buffer overflow (in a buffer overflow exploit) #7
In the provided example !string "UCF Datafile" is placed in a 12-byte region of memory. This does not leave room for the null terminator, and the filename ends up overflowing. As a result, if you try to create a savefile after executing the payload, it crashes on console. In emulator, it throws a warning which can be ignored... but console behavior is a crash.
One possible fix to this would be to just choose a string which is 11 characters or less, leaving room for the null terminator. "UCF Datafi" was tested and works flawlessly on console. Other fixes are of course possible, but that would be the quickest and easiest in the provided example.
Thanks to @UnclePunch for figuring out the underlying reason for this.
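As an added example (not code from the Melee GCI Compiler or from the issue's author), the Python sketch below models the 12-byte filename region the issue describes and shows why a 12-character string with no room for its NUL terminator runs into whatever field follows it, alongside the length check that would reject the string before it is placed. The field layout, the neighbouring 4-byte field and the `parse_string_directive` helper are assumptions made for the example.

```python
import re

FIELD_SIZE = 12  # the 12-byte region the issue says "UCF Datafile" is placed in


def parse_string_directive(line: str) -> str:
    """Extract the literal from a `!string "..."` line (assumed syntax: double-quoted, no escapes)."""
    m = re.fullmatch(r'\s*!string\s+"([^"]*)"\s*', line)
    if m is None:
        raise ValueError(f"not a !string directive: {line!r}")
    return m.group(1)


def fits_as_cstring(text: str, size: int) -> bool:
    """True only if the encoded text plus its NUL terminator fits in `size` bytes."""
    return len(text.encode("ascii")) + 1 <= size


def place_cstring(image: bytearray, offset: int, size: int, text: str) -> None:
    """Write text as a NUL-terminated, zero-padded C string into image[offset:offset+size].
    Refuses to write rather than silently dropping the terminator."""
    if not fits_as_cstring(text, size):
        raise ValueError(f"{text!r} needs {len(text) + 1} bytes including NUL, region is {size}")
    image[offset:offset + size] = (text.encode("ascii") + b"\x00").ljust(size, b"\x00")


def read_cstring(image: bytes, offset: int) -> bytes:
    """Read the way strlen/strcpy would: up to the first NUL, ignoring the field boundary."""
    return image[offset:image.index(b"\x00", offset)]


def demo() -> dict:
    # Constructed layout: 12-byte filename field, a 4-byte neighbour field, then a NUL.
    template = bytes(FIELD_SIZE) + b"NEXT" + b"\x00"
    text = parse_string_directive('!string "UCF Datafile"')

    # What the original payload does: exactly 12 bytes copied, no room for the terminator,
    # so a C-style read of the filename runs straight into the neighbouring field.
    naive = bytearray(template)
    naive[0:FIELD_SIZE] = text.encode("ascii")
    naive_read = read_cstring(bytes(naive), 0)

    # The checked path rejects the 12-character string ...
    checked = bytearray(template)
    try:
        place_cstring(checked, 0, FIELD_SIZE, text)
        rejected = False
    except ValueError:
        rejected = True
    # ... and accepts the 10-character string the issue reports as working on console.
    place_cstring(checked, 0, FIELD_SIZE, parse_string_directive('!string "UCF Datafi"'))
    return {"rejected": rejected, "naive_read": naive_read, "safe_read": read_cstring(bytes(checked), 0)}
```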