Memory safety issues in string handling #79

Open
guillaume-uH57J9 opened this issue Mar 25, 2024 · 0 comments

Comments


guillaume-uH57J9 commented Mar 25, 2024

PhysFS has some memory safety issues resulting in out-of-bounds reads.
These issues were noticed by running tests using Clang's sanitizers (address, signed-integer-overflow).

An obvious impact is the ability to make software crash (i.e. Denial of Service) by providing malformed archives.
I have not investigated whether more serious exploits are possible or not. My focus is on reporting problems and recommending fixes.

  • physfs_archiver_csm.c: Off-by-one error in array index may lead to accessing memory after the end of the name buffer.
  • physfs_archiver_qpak.c: Failure to validate that the name is null-terminated may lead to accessing memory after the end of the name buffer.
  • physfs_unicode.c: Off-by-one error in buffer increment may lead to accessing memory after the end of a Unicode buffer.

An upcoming merge request will provide a possible fix and will point to specific lines of code.
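The three bug classes listed in the report (an index loop that steps one past a fixed-width name field, a name field that is assumed to be NUL-terminated, and a UTF-8 walk whose increment is not checked against the bytes remaining) are illustrated below with a generic archive-entry name field. This is an added example, not the reporter's patch and not PhysFS source; the field width `NAME_FIELD_LEN`, the sample field contents and all function names are assumptions for the illustration and do not correspond to specific lines in the files named above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed width of an on-disk name field in a directory entry (illustration only). */
#define NAME_FIELD_LEN 8

/* Buggy pattern, kept only to show the defect: the loop trusts that a NUL
 * exists and its bound is <= instead of <, so on an unterminated field it
 * reads name[NAME_FIELD_LEN], one byte past the end of the field. */
static size_t unsafe_name_len(const uint8_t name[NAME_FIELD_LEN])
{
    size_t i = 0;
    while (i <= NAME_FIELD_LEN && name[i] != '\0')
        i++;
    return i;
}

/* Length of the name if a NUL terminator lies inside the field, else -1.
 * memchr never reads past field_len, so an unterminated field is rejected
 * instead of being scanned into whatever follows it in memory. */
static int bounded_name_len(const uint8_t *field, size_t field_len)
{
    const uint8_t *nul = memchr(field, '\0', field_len);
    return nul ? (int)(nul - field) : -1;
}

/* Copy the name into out (out_cap bytes) and always NUL-terminate it.
 * Returns false when the field is unterminated or the name does not fit. */
static bool copy_entry_name(const uint8_t *field, size_t field_len,
                            char *out, size_t out_cap)
{
    int len = bounded_name_len(field, field_len);
    if (len < 0 || (size_t)len >= out_cap)
        return false;
    memcpy(out, field, (size_t)len);
    out[len] = '\0';
    return true;
}

/* Helper for checking results: copy through a local buffer limited to
 * out_cap bytes (at most 64) and compare with the expected string. */
static bool name_copy_equals(const uint8_t *field, size_t field_len,
                             size_t out_cap, const char *expected)
{
    char out[64];
    if (out_cap > sizeof out)
        return false;
    if (!copy_entry_name(field, field_len, out, out_cap))
        return false;
    return strcmp(out, expected) == 0;
}

/* Walk a UTF-8 buffer of len bytes and count code points. The sequence
 * length is checked against the bytes remaining before any continuation
 * byte is touched, so the increment can never step past the buffer.
 * Returns -1 on a truncated or malformed sequence. */
static int utf8_codepoint_count(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    int count = 0;
    while (i < len) {
        uint8_t b = buf[i];
        size_t seq;
        if (b < 0x80)                seq = 1;
        else if ((b & 0xE0) == 0xC0) seq = 2;
        else if ((b & 0xF0) == 0xE0) seq = 3;
        else if ((b & 0xF8) == 0xF0) seq = 4;
        else return -1;              /* stray continuation or invalid lead byte */
        if (seq > len - i)
            return -1;               /* sequence would run off the end of the buffer */
        for (size_t k = 1; k < seq; k++)
            if ((buf[i + k] & 0xC0) != 0x80)
                return -1;
        i += seq;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample fields: one properly terminated, one using all 8 bytes. */
    const uint8_t *good = (const uint8_t *)"dir\0\0\0\0\0";
    const uint8_t *bad  = (const uint8_t *)"abcdefgh";
    char out[16];

    printf("unsafe loop on terminated field: %zu\n", unsafe_name_len(good));
    printf("good: len=%d copied=%d name=%s\n", bounded_name_len(good, NAME_FIELD_LEN),
           (int)copy_entry_name(good, NAME_FIELD_LEN, out, sizeof out), out);
    printf("bad:  len=%d copied=%d\n", bounded_name_len(bad, NAME_FIELD_LEN),
           (int)copy_entry_name(bad, NAME_FIELD_LEN, out, sizeof out));
    printf("utf8 \"\\xC3\\xA9x\": %d code points\n",
           utf8_codepoint_count((const uint8_t *)"\xC3\xA9x", 3));
    printf("utf8 truncated \"\\xE2\\x82\": %d\n",
           utf8_codepoint_count((const uint8_t *)"\xE2\x82", 2));
    return 0;
}
```

Running this under `clang -fsanitize=address` is the same check the report describes; the hardened functions stay clean on an unterminated field because the scan length is the field width and the UTF-8 step is validated before the continuation bytes are read.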
