Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

More fixes for issues caught by fuzzer #935

Merged
merged 6 commits into from
Apr 6, 2024

Conversation

roticv
Copy link
Contributor

@roticv roticv commented Mar 23, 2024

Fuzzer caught some issues and these two commits have the fixes. The issues are in the space of large malloc that is the result of underflow (due to incorrect boundary checks).

roticv added 6 commits March 22, 2024 22:10
Fuzzer caught another large malloc. This is caused by lack of boundary check
in Ap4OdheAtom causing underflow.
Earlier boundary checks were insufficient to prevent certain potential
payloads. This adds more boundary checks to prevent underflow of remains. I have
also remove the usage of GetHeaderSize in constructor as it is a virtual method.
Fuzzer caught another large malloc. This is caused by lack of boundary check
in Ap4SbgpAtom causing underflow.
Fuzzer caught another large malloc in Ap4SbgpAtom. It is caused by overflow
in boundary check
The lack of boundary checks in Ap4ContainerAtom leads to an underflow
in size which then leads to existing validation checks to fail and hence allow
large malloc.
Same problem as before, underflow of bytes_available results in some potential
attack
@barbibulle barbibulle merged commit b2e4c13 into axiomatic-systems:master Apr 6, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants