libimobiledevice / libplist

A library to handle Apple Property List format in binary or XML
https://libimobiledevice.org
GNU Lesser General Public License v2.1

libplist plist_copy_node() segmentation fault #142

Closed sctol closed 5 years ago

sctol commented 5 years ago

For nodes of type PLIST_ARRAY or PLIST_DICT that have a hashtable set, plist_copy_node() does not correctly build the hashtable of the new node.

When the node to be copied has a hashtable, plist_copy_node() allocates memory for the new node's hashtable and then populates the new node's hashtable using the children of the old node. Later it recursively copies the old node's children into the new node.

The new node's hashtable is left valid only for the old node's children, not the copied children descending from the new node. If the old node is updated or deleted, accessing the new node's children through its hashtable will either cause incorrect data to be returned or a segmentation fault.

To correct this, plist_copy_node() should build the new node's hashtable after the children are copied.
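As an added illustration (not libplist's code; the node type, its `index[]` array standing in for the hashtable, and all function names are a simplified model of plist_t internals rather than the real ones), the two copy orders described in this report side by side, with a check for the invariant a copy must keep: every lookup entry must point at one of the copy's own children, never at a child of the source tree.

```c
#include <stdlib.h>

/* Toy model of a plist container node (assumption: not libplist's real structures);
 * index[] stands in for the hashtable and must only ever point at the node's OWN children. */
#define MAX_KIDS 4
typedef struct node {
    const char *key;
    struct node *children[MAX_KIDS];
    struct node *index[MAX_KIDS];
    int count;
} node_t;

node_t *node_new(const char *key) {
    node_t *n = calloc(1, sizeof *n);
    n->key = key;
    return n;
}
node_t *node_add(node_t *p, node_t *c) {
    p->index[p->count] = c;
    p->children[p->count++] = c;
    return p;
}
/* Mirrors the reported bug: index filled from the OLD children before they are copied. */
node_t *copy_buggy(const node_t *src) {
    node_t *dst = node_new(src->key);
    dst->count = src->count;
    for (int i = 0; i < src->count; i++)
        dst->index[i] = src->children[i];            /* wrong: aliases the source tree */
    for (int i = 0; i < src->count; i++)
        dst->children[i] = copy_buggy(src->children[i]);
    return dst;
}
/* Order proposed in the report: copy the children first, then index them. */
node_t *copy_fixed(const node_t *src) {
    node_t *dst = node_new(src->key);
    dst->count = src->count;
    for (int i = 0; i < src->count; i++)
        dst->children[i] = copy_fixed(src->children[i]);
    for (int i = 0; i < src->count; i++)
        dst->index[i] = dst->children[i];            /* right: own children */
    return dst;
}

/* 1 if every index entry (recursively) is one of the node's own children, else 0. */
int index_consistent(const node_t *n) {
    for (int i = 0; i < n->count; i++)
        if (n->index[i] != n->children[i] || !index_consistent(n->children[i]))
            return 0;
    return 1;
}
```

With the buggy order the copy's lookup table still resolves to the source's children, so freeing or mutating the source leaves the copy's lookups dangling, which is the incorrect data or crash the report describes.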

nikias commented 5 years ago

See commit e1a5d60e98b72fe110391da848c77cc36665bd66, that should fix it. Thanks for reporting.