Closed zhunki closed 7 years ago

I found a heap-buffer-overflow vulnerability. Should I submit it here, and can it be assigned a CVE ID if validated? Should I submit the PoC after the report is closed? Thanks.

Here is the stack trace:

==21852== ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5e007d7 at pc 0x804a78c bp 0xbf815888 sp 0xbf81587c
READ of size 1 at 0xb5e007d7 thread T0
    #0 0x804a78b in main /home/b/asan/libplist/tools/plistutil.c:137
0xb5e007d7 is located 4 bytes to the right of 3-byte region [0xb5e007d0,0xb5e007d3)
allocated by thread T0 here:
    #0 0xb6147854 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16854)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/b/asan/libplist/tools/plistutil.c:137

If I'm not mistaken this happens when you try to parse a file with plistutil that is shorter than 8 bytes. Correct?

Sure. It seems you already knew about this bug. I also found a few other bugs; should I submit them here?

I didn't know the bug, but I could figure it out from the actual lines of code from the address sanitizer output. If you have other bugs you can submit them here.

Fixed in master with commit 7391a506352c009fe044dead7baad9e22dd279ee

This is CVE-2017-5545
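The ASan report above shows the bug class: a 3-byte allocation is read 4 bytes past its end, which matches an eight-byte header comparison performed on an input shorter than 8 bytes. The following is an added illustration written for this page, not libplist's code or the actual fix in the referenced commit; it assumes (my assumption, since the page does not show the code at plistutil.c:137) that the read in question is a check for the eight-byte `bplist00` binary-plist magic. The hardened `classify_plist` validates the buffer length before touching the bytes, which is the mitigation for this overflow, and the constructed 3-byte input mirrors the region size in the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libplist's API): classify a plist buffer without
 * reading beyond its end. The eight-byte "bplist00" magic is the standard
 * binary plist header; its length is the value the length check is tied to. */
enum plist_kind { PLIST_TOO_SHORT = -1, PLIST_XML = 0, PLIST_BINARY = 1 };

#define BPLIST_MAGIC     "bplist00"
#define BPLIST_MAGIC_LEN 8

enum plist_kind classify_plist(const unsigned char *buf, size_t len)
{
    /* The unsafe pattern in this bug class is memcmp(buf, "bplist00", 8) on a
     * buffer that may hold fewer than 8 bytes: for a 3-byte file the compare
     * walks off the heap allocation, which is exactly the READ that ASan
     * flagged. Validating the length first makes the compare memory-safe. */
    if (buf == NULL || len < BPLIST_MAGIC_LEN)
        return PLIST_TOO_SHORT;

    if (memcmp(buf, BPLIST_MAGIC, BPLIST_MAGIC_LEN) == 0)
        return PLIST_BINARY;

    /* Anything else is handed to the XML path; the length is still known
     * to be at least 8 here, so later header probes stay in bounds too. */
    return PLIST_XML;
}

int main(void)
{
    /* Constructed sample inputs: a 3-byte file like the one in the report,
     * a minimal binary header, and the start of an XML plist. */
    const unsigned char tiny[] = { 'b', 'p', 'l' };
    const unsigned char bin[]  = "bplist00";
    const unsigned char xml[]  = "<?xml version=\"1.0\"?>";

    printf("3-byte file : %d (expect -1, rejected before any read)\n",
           classify_plist(tiny, sizeof tiny));
    printf("bplist00    : %d (expect 1)\n", classify_plist(bin, sizeof bin - 1));
    printf("xml header  : %d (expect 0)\n", classify_plist(xml, sizeof xml - 1));
    return 0;
}
```

When fuzzing a tool like this, the same length guard is what turns an ASan crash into a clean "input too short" error, and running the tool under AddressSanitizer with truncated inputs of 0 to 7 bytes is a quick regression check for the fix.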