skelsec / minidump

Python library to parse and read Microsoft minidump file format
MIT License

Fix off-by-one error in bounds checks #28

Closed mrexodia closed 2 years ago

mrexodia commented 2 years ago

Code snippet to reproduce the bug:

        seg: MinidumpMemorySegment
        for seg in self._minidump.memory_segments_64.memory_segments:
            print(f"initialize base: 0x{seg.start_virtual_address:x}, size: 0x{seg.size:x}")
            self._memory.move(seg.start_virtual_address)
            assert self._memory.current_position == seg.start_virtual_address
            data = self._memory.read(seg.size)

The bounds check first moves the position and then checks if it's in bounds, but this is incorrect because if you read the full page it would look like things are out of bounds even though they aren't.
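The failure mode described in the comment above, as an added example that is not code from the pull request or from the minidump library: a toy segment cursor whose `read` advances the position first and validates afterwards. The class, function names, and sample address are hypothetical, and treating the segment end as a valid resting position is an assumed form of the fix.

```python
class SegmentReader:
    """Toy cursor over one memory segment; names are hypothetical."""

    def __init__(self, base: int, data: bytes, inclusive_end: bool):
        self.base = base
        self.data = data
        self.end = base + len(data)         # first address past the segment
        self.pos = base
        self.inclusive_end = inclusive_end  # False reproduces the off-by-one

    def _position_ok(self, addr: int) -> bool:
        if self.inclusive_end:
            # A cursor resting at `end` has consumed the last byte; that is legal.
            return self.base <= addr <= self.end
        # Off-by-one: treats the post-read cursor like an address to dereference.
        return self.base <= addr < self.end

    def move(self, addr: int) -> None:
        if not self._position_ok(addr):
            raise ValueError(f"move to 0x{addr:x} is outside the segment")
        self.pos = addr

    def read(self, size: int) -> bytes:
        if size < 0:
            raise ValueError("negative read size")
        new_pos = self.pos + size  # advance first, validate afterwards
        if not self._position_ok(new_pos):
            raise ValueError(f"read of 0x{size:x} bytes ends at 0x{new_pos:x}")
        start = self.pos - self.base
        self.pos = new_pos
        return self.data[start:start + size]


def try_read(inclusive_end: bool, size: int, seg_size: int = 0x1000):
    """Read `size` bytes from the start of a constructed segment; None if rejected."""
    base = 0x7FF000000000  # constructed sample address
    reader = SegmentReader(base, bytes(seg_size), inclusive_end)
    reader.move(base)
    try:
        return len(reader.read(size))
    except ValueError:
        return None


if __name__ == "__main__":
    for label, inclusive in (("off-by-one", False), ("corrected", True)):
        for size in (0xFFF, 0x1000, 0x1001):
            print(f"{label:10} read 0x{size:x}: {try_read(inclusive, size)}")
```

With the strict check, a read of exactly the segment size is rejected while one byte less succeeds; with the inclusive end, the full read succeeds and one byte more is still rejected.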

mrexodia commented 2 years ago

Ping, would be appreciated if this could be merged.