libyal / libpff

Library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format
GNU Lesser General Public License v3.0

AddressSanitizer: heap-use-after-free at libpff_item_tree.c:828 #62

Closed hongxuchen closed 6 years ago

hongxuchen commented 6 years ago

POC files:
https://github.com/ntu-sec/pocs/blob/master/libpff-4938b7a/crashes/huaf_libpff_item_tree.c%3A828_1.input.txt
https://github.com/ntu-sec/pocs/blob/master/libpff-4938b7a/crashes/huaf_libpff_item_tree.c%3A828_2.input.txt

ASan output:
https://github.com/ntu-sec/pocs/blob/master/libpff-4938b7a/crashes/huaf_libpff_item_tree.c%3A828_1.err.SIG06
https://github.com/ntu-sec/pocs/blob/master/libpff-4938b7a/crashes/huaf_libpff_item_tree.c%3A828_2.err.SIG06

joachimmetz commented 6 years ago

This appears to be a duplicate of #61