dansalvato / melee-gci-compiler

Melee GCI Compiler is an application and scripting language that makes it easy for Super Smash Bros. Melee mod developers to inject custom code and data into Melee save files.
Mozilla Public License 2.0

Ironic second buffer overflow (in a buffer overflow exploit) #7

Closed Ownasaurus closed 1 year ago

Ownasaurus commented 2 years ago

Hi Dan,

In the provided example !string "UCF Datafile" is placed in a 12-byte region of memory. This does not leave room for the null terminator, and the filename ends up overflowing. As a result, if you try to create a savefile after executing the payload, it crashes on console. In emulator, it throws a warning which can be ignored... but console behavior is a crash.

One possible fix to this would be to just choose a string which is 11 characters or less, leaving room for the null terminator. "UCF Datafi" was tested and works flawlessly on console. Other fixes are of course possible, but that would be the quickest and easiest in the provided example.

Thanks to @UnclePunch for debugging the underlying reason for this.
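The off-by-one in the report, modelled as an added Python check that is not part of melee-gci-compiler: a string literal written into a fixed-size region must fit together with its NUL terminator, so 12 characters in a 12-byte region spill one byte into whatever follows. The 16-byte image, the offset and the neighbouring 0xFF field are constructed for the illustration.

```python
from __future__ import annotations

# Added example, not code from melee-gci-compiler. Models a fixed-size string
# region inside a save-file image and checks that text + NUL fits before writing.


def check_string_fits(text: str, region_size: int) -> tuple[bool, int]:
    """Return (fits, overflow_bytes) for text stored as ASCII plus a NUL terminator."""
    needed = len(text.encode("ascii")) + 1  # +1 for the terminating NUL byte
    overflow = max(0, needed - region_size)
    return overflow == 0, overflow


def place_string(image: bytearray, offset: int, region_size: int,
                 text: str, strict: bool = True) -> bytearray:
    """Write text + NUL into image[offset:offset+region_size], zero-padded.

    strict=True refuses a string whose terminated form does not fit.
    strict=False reproduces the unchecked behaviour from the report: the
    terminator lands one byte past the region, in the neighbouring field.
    """
    fits, overflow = check_string_fits(text, region_size)
    if strict and not fits:
        raise ValueError(
            f"{text!r} needs {overflow} more byte(s) to fit with its NUL "
            f"terminator in a {region_size}-byte region"
        )
    data = (text.encode("ascii") + b"\x00").ljust(region_size, b"\x00")
    image[offset:offset + len(data)] = data
    return image


if __name__ == "__main__":
    # Constructed 16-byte image: 12-byte filename region, then 4 bytes of 0xFF.
    image = bytearray(b"\xff" * 16)
    place_string(image, 0, 12, "UCF Datafile", strict=False)
    print("byte 12 after unchecked write:", image[12])  # 0: neighbour clobbered
    print(check_string_fits("UCF Datafile", 12))  # (False, 1)
    print(check_string_fits("UCF Datafi", 12))    # (True, 0)
```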

dansalvato commented 1 year ago

Thanks for the report, ironic indeed. Sorry to take so long to get to it, but a fix has been applied now.

Ownasaurus commented 1 year ago

No problem! We all have busy lives sometimes. Thank you for committing a fix.