Fixed potential VM crash when parsing external terms.
This change set adds range checking to the parsing of external terms, for example, when loading modules or when converting binaries to terms. If an external term contains encodings that do not fit within the range of an allocated buffer, then the conversion will halt with an error. In the case of binary_to_term/1, the function will raise an error:badarg.
Without this change, the VM may crash on a malformed or maliciously crafted binary. In cases where binaries are exchanged between VM instances (e.g., via TCP), this could result in an attack vector (buffer overflow).
This PR fixed Issue #256
Signed-off-by: Fred Dushin [email protected]
These changes are made under both the "Apache 2.0" and the "GNU Lesser General Public License 2.1 or later" license terms (dual license).
SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later
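
The kind of range check described above, as an added example: this is not the project's code and not part of this change set. It walks three tags of the Erlang external term format and rejects any length or arity that points past the end of the buffer. The names `term_size` and `etf_validate` and the `MAX_DEPTH` limit are hypothetical, and returning -1 stands in for raising badarg.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { ETF_MAGIC = 131, SMALL_INTEGER_EXT = 97, SMALL_TUPLE_EXT = 104,
       BINARY_EXT = 109, MAX_DEPTH = 32 /* nesting limit chosen for this example */ };

/* Returns the encoded size of the term at buf[0..len), or 0 if it does not fit. */
static size_t term_size(const uint8_t *buf, size_t len, int depth)
{
    if (len < 2 || depth > MAX_DEPTH) return 0; /* every tag handled here needs >= 2 bytes */
    switch (buf[0]) {
    case SMALL_INTEGER_EXT: /* tag + 1 byte */
        return 2;
    case BINARY_EXT: { /* tag + 32-bit big-endian length + data */
        if (len < 5) return 0;
        uint32_t n = ((uint32_t) buf[1] << 24) | ((uint32_t) buf[2] << 16)
            | ((uint32_t) buf[3] << 8) | buf[4];
        /* Compare with the space left; 5 + n could wrap a 32-bit size_t. */
        return n <= len - 5 ? 5 + (size_t) n : 0;
    }
    case SMALL_TUPLE_EXT: { /* tag + arity byte + elements */
        size_t pos = 2;
        for (unsigned i = 0; i < buf[1]; i++) {
            size_t sub = term_size(buf + pos, len - pos, depth + 1);
            if (sub == 0) return 0;
            pos += sub; /* sub <= len - pos, so pos never passes len */
        }
        return pos;
    }
    default:
        return 0; /* tag not covered by this example */
    }
}

/* Returns 0 when buf holds the version byte and one complete term, else -1. */
int etf_validate(const uint8_t *buf, size_t len)
{
    if (len < 1 || buf[0] != ETF_MAGIC) return -1;
    return term_size(buf + 1, len - 1, 0) ? 0 : -1;
}

int main(void)
{
    /* Constructed samples: <<"abc">>, then the same header claiming 200 bytes. */
    const uint8_t ok[] = { 131, 109, 0, 0, 0, 3, 'a', 'b', 'c' };
    const uint8_t bad[] = { 131, 109, 0, 0, 0, 200, 'a', 'b', 'c' };
    printf("%d %d\n", etf_validate(ok, sizeof ok), etf_validate(bad, sizeof bad));
    return 0;
}
```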