heap-buffer-overflow in kac_print #26
Comments
|
The NPDM provided has malformed input -- the ACI0 appears to have been shifted one byte to start at 0x4A3 instead of 0x4A4, where it should. I'm not entirely certain that this is reasonably addressable -- the ACI/KAC format specifies the size for the KAC, and by shifting the format you're causing it to decide the KAC is enormous, so it will crash while trying to parse KAC entries in uninitialized memory. I don't know that it's within scope to guard against deliberately malicious input. Thoughts? |
|
if you do plan to patch out exploits in hactool, then i'll probably fuzz it some more (so far i found 2 heap overflows and a stack overflow in the romfs parser) |
|
I saw your previous message about compiling with ASAN. You need -fsanitize=address in the linker flags, too. |
ASAN log: https://hastebin.com/fajijidacu.go
crashing sample: heapoverflownpdm.zip
found through afl-fuzz
The text was updated successfully, but these errors were encountered: