diff options
author | Nikias Bassen | 2022-01-31 03:27:42 +0100 |
---|---|---|
committer | Nikias Bassen | 2022-01-31 03:27:42 +0100 |
commit | 8ea84caa3cba801c4f240648a6b7919e9b3e0b0d (patch) | |
tree | 3ec89ca7e0ed28ead0c76e8e9abc46fae0c6dbfc /fuzz/xplist-leaks/leak-4c81aae70b20d9b9408b78d40999a54205bdcfb7 | |
parent | 7ddb1bd9e1d8bba58295d2e7e4872bcc6386968c (diff) | |
download | libplist-8ea84caa3cba801c4f240648a6b7919e9b3e0b0d.tar.gz libplist-8ea84caa3cba801c4f240648a6b7919e9b3e0b0d.tar.bz2 |
jplist: Fix OOB read in parse_primitive caused by missing 0-termination
In parse_primitive, integer and double values are parsed by using strtoll
and atof, which both expect the string to be 0-terminated. While this is
not a problem in well-formed JSON files, it can be if the JSON data is not,
possibly leading to a crash due to OOB memory access.
This commit fixes it by copying the value data in question to a stack buffer
and 0-terminate it, and use that buffer instead.
Credit to OSS-Fuzz
Diffstat (limited to 'fuzz/xplist-leaks/leak-4c81aae70b20d9b9408b78d40999a54205bdcfb7')
0 files changed, 0 insertions, 0 deletions