Closed robszewczyk closed 1 year ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
This stale issue has been automatically closed. Thank you for your contributions.
Problem
Pointer values in logs could be used to bypass ASLR, making exploitation of other vulnerabilities easier.
Searching the source code for string pattern `%p` shows object addresses are being logged in some places:

Proposed Solution
Pointer value prints should be either removed or only used on debug builds.
Generally, sensitive data should not be logged.
Relatively low priority, post 1.0
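
An added example (not part of the issue or the project's code) that goes one step beyond the two options above: debug builds keep the raw `%p`, while other builds log a keyed SipHash-2-4 tag, so log lines can still be correlated per object without exposing addresses. This is the same idea the Linux kernel applies to `%p`. The names `log_ptr`, `log_ptr_set_key` and `LOG_RAW_POINTERS` are hypothetical, and the key is assumed to come from the OS CSPRNG at start-up.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Per-process secret; assumption: filled from the OS CSPRNG at start-up. */
static uint64_t g_k0, g_k1;
void log_ptr_set_key(uint64_t k0, uint64_t k1) { g_k0 = k0; g_k1 = k1; }

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND(v0, v1, v2, v3) do { \
    v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
    v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 of one 64-bit word under the key (k0, k1). */
static uint64_t siphash_u64(uint64_t m, uint64_t k0, uint64_t k1)
{
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    uint64_t len = 8ULL << 56;               /* final block: message length */
    v3 ^= m;   SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3); v0 ^= m;
    v3 ^= len; SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3); v0 ^= len;
    v2 ^= 0xff;
    for (int i = 0; i < 4; i++) SIPROUND(v0, v1, v2, v3);
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Format pointer p for a log line into buf and return buf. */
const char *log_ptr(const void *p, char *buf, size_t len)
{
    if (p == NULL) { snprintf(buf, len, "(null)"); return buf; }
#ifdef LOG_RAW_POINTERS                      /* hypothetical debug-build switch */
    snprintf(buf, len, "%p", (void *)p);     /* real address, debug builds only */
#else
    uint64_t tag = siphash_u64((uint64_t)(uintptr_t)p, g_k0, g_k1);
    snprintf(buf, len, "obj#%08x", (unsigned)(tag & 0xffffffffu));
#endif
    return buf;
}

int main(void)
{
    int session;                             /* constructed sample object */
    char buf[32];
    log_ptr_set_key(0x0123456789abcdefULL, 0xfedcba9876543210ULL); /* constructed key */
    printf("session=%s opened\n", log_ptr(&session, buf, sizeof buf));
    return 0;
}
```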