facebook / fishhook

A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
BSD 3-Clause "New" or "Revised" License

Added safety checks to fishhook.c #62

Closed chrisspankroy closed 4 years ago

chrisspankroy commented 5 years ago

Fixes a crash that would occur on devices running iOS 13. fishhook.c would access bad memory; this adds safety checks to the offending line. This fixes #61.

daybreak1024 commented 5 years ago

Hello, I am experiencing the same problem.

I use this program, but the hook would be invalid.

Why would indirect_symbol_bindings go out of bounds? Can you give me some prompt or inspiration?

And thanks.

PotatoMapper commented 5 years ago

Pulled and Testing on a 13 Beta device I had available and PR works well and as designed 👌

dinhvh commented 4 years ago

Any idea of the condition under which it happens?

megCanicalKb commented 4 years ago

Have you tested this locally to verify that the symbols were still rebound?

indirect_symbol_bindings is a void**, so sizeof() will return 8 bytes on arm64; indirect_symbol_bindings[0] then has the same size, which means the line simplifies to:

if (i < (8 / 8)) { ... }

I am not sure what check you are trying to add but I don't think that's the right code for it. You might have been hoping that sizeof(ptr) returns the total size of the array, but this only works for statically allocated arrays, with a size known by the compiler at compile time (here it's not).
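The sizeof pitfall raised in the comment above, shown as an added example (this is not fishhook's code and is not the PR's diff): the same `sizeof(x) / sizeof(x[0])` expression yields the element count for a statically sized array but collapses to 1 for a `void **` parameter, so a check built on it never rejects any index except 0 and above. A bounds check on a table handed over by pointer has to take the count from somewhere else; the `count` parameter below is a hypothetical stand-in for whatever the caller knows about the table length (for a Mach-O indirect symbol table that would be the size recorded in the load commands, which is not modelled here).

```c
#include <stddef.h>
#include <stdio.h>

/* A statically sized array: the compiler knows its full size, so
 * sizeof(static_table) is the size of all 16 slots. */
static void *static_table[16];

/* Constructed sample table standing in for a bindings table that a
 * function only ever sees through a pointer. */
static void *sample_table[4] = {
    (void *)0x1, (void *)0x2, (void *)0x3, (void *)0x4
};

/* Element count of the static array: correct only because the array
 * object itself, not a pointer to it, is the operand of sizeof. */
size_t static_table_count(void) {
    return sizeof(static_table) / sizeof(static_table[0]);
}

/* The same expression applied to a pointer parameter. sizeof(bindings) is
 * the size of a void** and sizeof(bindings[0]) the size of a void*, both 8
 * on arm64 (and equal on any platform), so the result is always 1.
 * Modern gcc/clang flag this under -Wsizeof-pointer-div. */
size_t pointer_based_count(void **bindings) {
    return sizeof(bindings) / sizeof(bindings[0]);
}

/* Wrapper so the pointer-based "count" can be computed on the sample table. */
size_t sample_table_pointer_count(void) {
    return pointer_based_count(sample_table);
}

/* A check that actually bounds the index needs an explicit element count
 * supplied by the caller (hypothetical `count` parameter). */
int index_in_bounds(size_t i, size_t count) {
    return i < count;
}

/* Safe accessor: returns the slot, or NULL when the index is out of range,
 * instead of reading past the end of the table. */
void *binding_at(void **bindings, size_t count, size_t i) {
    if (!index_in_bounds(i, count)) {
        return NULL;
    }
    return bindings[i];
}

int main(void) {
    printf("static array count       = %zu\n", static_table_count());
    printf("pointer-based 'count'    = %zu\n", sample_table_pointer_count());
    printf("binding_at(sample, 4, 3) = %p\n", binding_at(sample_table, 4, 3));
    printf("binding_at(sample, 4, 4) = %p\n", binding_at(sample_table, 4, 4));
    return 0;
}
```

The two count functions are the whole point: `static_table_count()` reports 16, while `sample_table_pointer_count()` reports 1 regardless of how many entries the table holds, which is why a guard written as `i < sizeof(ptr) / sizeof(ptr[0])` admits only index 0 and says nothing about whether index 1 or index 1000 is safe.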