libimobiledevice / libplist

A library to handle Apple Property List format in binary or XML
https://libimobiledevice.org
GNU Lesser General Public License v2.1

About SIGSEGV (Address boundary error) when using C++ PList::Array #255

Open olongchaa opened 9 months ago

olongchaa commented 9 months ago

I noticed that when using the PList::Array constructor, if array_fill is called to construct an Array object, the size will be incorrect.

static void array_fill(Array *_this, std::vector<Node*> &array, plist_t node)
{
    plist_array_iter iter = NULL;
    plist_array_new_iter(node, &iter);
    plist_t subnode;
    do {
        subnode = NULL;
        plist_array_next_item(node, iter, &subnode);
        // runs once more after the iterator is exhausted, so a node built from a NULL subnode is appended
        array.push_back( Node::FromPlist(subnode, _this) );
    } while (subnode);
    free(iter);
}

It seems that the problem is here in the do while loop. Regardless of whether there are elements in plist_array, an element will be pushed back, causing the size to not match the actual size. Is this normal?

At present, I have added a check myself.

static void array_fill(Array *_this, std::vector<Node*> &array, plist_t node)
{
    plist_array_iter iter = NULL;
    plist_array_new_iter(node, &iter);
    plist_t subnode;
    do {
        subnode = NULL;
        plist_array_next_item(node, iter, &subnode);
        if (subnode) {
            // only append when the iterator actually produced an element
            array.push_back( Node::FromPlist(subnode, _this) );
        }
    } while (subnode);
    free(iter);
}
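To make the off-by-one concrete without a libplist build, here is an added stand-alone model (not libplist's code and not the reporter's): a constructed array and iterator that follow the same contract, the iterator stores NULL into the output once it is exhausted, with the original do/while beside the guarded version so the resulting sizes can be compared.

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

// Constructed stand-in for a plist array and its iterator (assumed shape, NOT
// the libplist types). It reproduces only the contract the issue relies on:
// next_item() stores NULL into *out once the iterator is exhausted.
struct FakeArray { std::vector<int> items; };
typedef std::size_t FakeIter;

static void fake_array_next_item(const FakeArray *arr, FakeIter *iter, const int **out)
{
    if (*iter < arr->items.size()) {
        *out = &arr->items[(*iter)++];
    } else {
        *out = NULL;   // end of array: this is the sentinel the loop tests
    }
}

// Mirrors the original do/while: the body runs once more after next_item()
// reports the end, so a NULL entry is appended on every call, even for an
// empty array. That extra entry is what later gets dereferenced and crashes.
static std::vector<const int*> fill_buggy(const FakeArray *arr)
{
    std::vector<const int*> nodes;
    FakeIter iter = 0;
    const int *sub;
    do {
        sub = NULL;
        fake_array_next_item(arr, &iter, &sub);
        nodes.push_back(sub);            // pushes NULL on the final iteration
    } while (sub);
    return nodes;
}

// Mirrors the reporter's fix: append only when an element was produced.
static std::vector<const int*> fill_fixed(const FakeArray *arr)
{
    std::vector<const int*> nodes;
    FakeIter iter = 0;
    const int *sub;
    do {
        sub = NULL;
        fake_array_next_item(arr, &iter, &sub);
        if (sub) nodes.push_back(sub);
    } while (sub);
    return nodes;
}

// True if the filled vector holds a NULL entry (the future invalid access).
static bool has_null_entry(const std::vector<const int*> &v)
{
    for (std::size_t i = 0; i < v.size(); ++i) if (v[i] == NULL) return true;
    return false;
}
```

For a three-element array the buggy version yields four entries, the last one NULL; for an empty array it still yields one NULL entry, which is why even a trivially small plist can trigger the fault.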