Closed chibataiki closed 3 years ago
Thanks for the report. It basically is an "out-of-memory" issue. I am not sure what I can do to prevent it.
I'm not sure if setting an upper limit on the size of some variable will work or is suitable; I will analyze this later.
Hi,
A memory exhaustion vulnerability was found in the function ReadNextStructField() in mat.c, which allows attackers to cause a denial of service.
env
version 1.5.21: commit 8e18058
ubuntu 20.04 x86_64, gcc version 9.3.0

reproduce
./configure
make
./matdump poc

poc zipped
debug info
In this for loop, the Mat_VarCalloc() will run 0x3030303 times and exhaust all memory (on my machine, 8G), and then the program is terminated with signal SIGKILL.
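One way to bound an allocation loop like the one reported above, added here as an example and not taken from matio's code: reject an element count read from the file when that many elements could not fit in the bytes still unread. The names `field_t`, `alloc_fields`, `field_count_is_plausible`, `free_fields` and the 8-byte minimum element size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumption: every element costs at least this many bytes in the file. */
#define MIN_FIELD_BYTES 8u

typedef struct { uint32_t tag; void *data; } field_t; /* hypothetical type */

/* 1 if `count` elements can fit in the unread bytes, 0 if the header lies. */
int field_count_is_plausible(uint32_t count, size_t bytes_remaining)
{
    return (size_t)count <= bytes_remaining / MIN_FIELD_BYTES;
}

/* Release the first `count` entries and the table itself. */
void free_fields(field_t **fields, uint32_t count)
{
    if (fields == NULL)
        return;
    for (uint32_t i = 0; i < count; i++)
        free(fields[i]);
    free(fields);
}

/* Validate the untrusted count first, then run the per-element
   allocation loop; NULL on a rejected count or allocation failure. */
field_t **alloc_fields(uint32_t count, size_t bytes_remaining)
{
    if (count == 0 || !field_count_is_plausible(count, bytes_remaining))
        return NULL;
    field_t **fields = calloc(count, sizeof *fields);
    if (fields == NULL)
        return NULL;
    for (uint32_t i = 0; i < count; i++) {
        fields[i] = calloc(1, sizeof **fields);
        if (fields[i] == NULL) {
            free_fields(fields, i);
            return NULL;
        }
    }
    return fields;
}
```

With this check the loop length is tied to the input size, so a small file declaring 0x3030303 elements is rejected before any per-element allocation happens.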