author | Nikias Bassen | 2019-09-03 01:16:03 +0200 |
---|---|---|
committer | Nikias Bassen | 2019-09-03 01:21:05 +0200 |
commit | 6a53de92e2b5029ee293c79d481ff5fd9528f8c3 (patch) | |
tree | c7d1f351abade12f9ff3a27ddd9808afcb6788b0 /fuzz/bplist-crashes/crash-39f1347115f8fe9ac25cdc9332e3fc5cd32c7f7b | |
parent | 025d042c6228ab41832bcb3ebbae070a76033a4c (diff) | |
download | libplist-6a53de92e2b5029ee293c79d481ff5fd9528f8c3.tar.gz libplist-6a53de92e2b5029ee293c79d481ff5fd9528f8c3.tar.bz2 |

libcnary: [BUGFIX] Set list->end to NULL when removing last and only element from list

This prevents a UaF in node_list_add. The issue became visible after removing
the last (and only) item from a PLIST_DICT or PLIST_ARRAY node, and then
adding a new item - the item will not make it into the actual dictionary or
array because the list->end pointer points to invalid memory, effectively
causing memory corruption.
Diffstat (limited to 'fuzz/bplist-crashes/crash-39f1347115f8fe9ac25cdc9332e3fc5cd32c7f7b')
0 files changed, 0 insertions, 0 deletions
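
The failure mode the commit message describes, as an added example that is not libcnary's code: a hypothetical minimal list (`struct list`, `list_add`, `list_remove` and the `reset_end` switch are assumed names) in which removing the only element leaves the tail pointer stale unless it is reset. Nodes live on the stack and are never freed here, so the stale write can be observed safely; in the real case that write lands in freed memory.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a begin/end list; names are illustrative only. */
struct node { struct node *prev, *next; };
struct list { struct node *begin, *end; unsigned count; };

/* Append n after the current tail, trusting list->end. */
static void list_add(struct list *l, struct node *n)
{
    n->next = NULL;
    n->prev = l->end;
    if (l->end)
        l->end->next = n;   /* write through list->end: a UaF if it is stale */
    else
        l->begin = n;       /* empty list: n becomes the head */
    l->end = n;
    l->count++;
}

/* Unlink n. reset_end == 0 models the bug: when n is the last AND only
 * element, list->end is left pointing at n. reset_end == 1 sets it to NULL. */
static void list_remove(struct list *l, struct node *n, int reset_end)
{
    if (n->prev) n->prev->next = n->next; else l->begin = n->next;
    if (n->next) n->next->prev = n->prev;
    else if (n->prev || reset_end) l->end = n->prev;
    n->prev = n->next = NULL;
    l->count--;
}

/* Add one node, remove it, add another. Returns 1 if the second node is
 * reachable from list->begin; *stale_written is 1 if the removed node
 * was written to by the second add. */
static int readd_reaches_list(int reset_end, int *stale_written)
{
    struct list l = {0};
    struct node first = {0}, second = {0};
    list_add(&l, &first);
    list_remove(&l, &first, reset_end);  /* a real caller frees `first` here */
    list_add(&l, &second);
    *stale_written = (first.next == &second);
    return l.begin == &second;
}

int main(void)
{
    int w, ok = readd_reaches_list(0, &w);
    printf("stale end: in_list=%d wrote_removed_node=%d\n", ok, w);
    ok = readd_reaches_list(1, &w);
    printf("end reset: in_list=%d wrote_removed_node=%d\n", ok, w);
    return 0;
}
```

With the stale tail the list reports one element while `begin` is still NULL, which matches the symptom of an item that never makes it into the dictionary or array.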