JeasonTom

icon indicating a website link bladchan.github.io

icon company Sichuan University icon location Chengdu, Sichuan icon location M.S. in Sichuan University. My research is fuzzing.

Results 3 comments of JeasonTom

Unknown-crash in function dwarf::line_table::begin at dwarf/line.cc:153

There is also a SEGV in function dwarf::line_table::begin at dwarf/line.cc:153, here I just upload the file: [badelf_segv_begin.zip](https://github.com/aclements/libelfin/files/9466205/badelf_segv_begin.zip) **ASAN** says: > AddressSanitizer:DEADLYSIGNAL ================================================================= ==50710==ERROR: AddressSanitizer: SEGV on unknown address 0x7ffabbe6cade (pc...

SEGV / Heap-buffer-overflow in LIEF::DEX::Parser::parse_field / LIEF::DEX::Parser::parse_fields at DEX/Parser.tcc

There is another bad DEX file which can also lead LIEF::DEX::Parser::parse to a heap-buffer-overflow(read) issue. Maybe it is the same reason which caused heap-buffer-overflow in DEX/Parser.tcc, so I report it...

Heap buffer overflow (read) in DnsResource::getDataLength() at DnsResource.cpp:277:24

I was fuzzing PcapPlusPlus yesterday and found the same bug in version [#22269e8](https://github.com/seladb/PcapPlusPlus/commit/22269e8d40bebdbef225d63bf0a92a9bd94988d7). By debugging it, I found that `DnsResource::getDataLength()` in Packet++/DnsResource.cpp didn't check the boundary of m_DnsLayer->m_Data. Therefore, It...