libimobiledevice / libplist

A library to handle Apple Property List format in binary or XML
https://libimobiledevice.org
GNU Lesser General Public License v2.1

if node type != string plist_get_string_val crash #126

Closed xdeng closed 5 years ago

xdeng commented 6 years ago

char *val = NULL;
plist_t node = NULL;
plist_get_string_val(node, &val);

PLIST_API void plist_get_string_val(plist_t node, char **val)
{
    plist_type type = plist_get_node_type(node);
    uint64_t length = 0;
    if (PLIST_STRING == type)
        plist_get_type_and_value(node, &type, (void *) val, &length);
    assert(length == strlen(*val));
}

node type != string or node == NULL

strlen(NULL) crash

xdeng commented 6 years ago

plist_get_key_val same

galaxy001 commented 5 years ago

It is assert(length == strlen(*val)); I got a "__strlen_avx2" segmentation fault.

The code below will make *val be NULL. https://github.com/s0uthwest/tsschecker/blob/51a1c1745e58a2f26cb792615efa90d169618e4e/tsschecker/tsschecker.c#L990
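An added example, not code from this thread or from libplist: a self-contained model of the getter pattern reported above, hardened so that a NULL node or a non-string node never reaches `strlen`. The `toy_*` types and functions and the integer return code are assumptions made for illustration; they are not libplist's API or its actual fix.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-ins for a plist node (assumption, not libplist's real structs). */
typedef enum { TOY_STRING, TOY_UINT, TOY_NONE } toy_type;
typedef struct { toy_type type; const char *strval; uint64_t length; } toy_node;

/* NULL-safe type lookup: a missing node reports TOY_NONE instead of crashing. */
static toy_type toy_node_type(const toy_node *n) { return n ? n->type : TOY_NONE; }

/* Hardened getter. Returns 0 on success, -1 on NULL node, NULL val,
 * wrong node type, or a stored length that disagrees with the data.
 * *val is always defined on return: NULL on failure, a heap copy on success. */
int toy_get_string_val(const toy_node *node, char **val)
{
    if (!val)
        return -1;
    *val = NULL;                        /* never leave the caller's pointer stale */
    if (toy_node_type(node) != TOY_STRING || !node->strval)
        return -1;                      /* wrong type: the length check is never reached */
    size_t len = strlen(node->strval);
    if (len != node->length)            /* the reported assert's invariant, string path only */
        return -1;
    char *copy = malloc(len + 1);
    if (!copy)
        return -1;
    memcpy(copy, node->strval, len + 1);
    *val = copy;
    return 0;
}

/* Caller-side pattern: test the result before touching the string. */
size_t toy_string_len_or_zero(const toy_node *node)
{
    char *s = NULL;
    size_t n = 0;
    if (toy_get_string_val(node, &s) == 0) {
        n = strlen(s);
        free(s);
    }
    return n;
}
```

Callers of a void getter with the reported behaviour can get the same protection by checking the node type before the call and testing the output pointer for NULL afterwards.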