Insecure malloc function is used instead of calloc

Open Gautam-zodape opened this issue 2 years ago • 0 comments

Hi Team, we are getting an error in a pen test for an iOS application which uses Rollbar (which internally uses KSCrash). The pen test checks the security performance of the app. We used the MobSF (https://mobsf.github.io/Mobile-Security-Framework-MobSF/) tool for the pen test.

We get the following error in the security pen test:

Insecure malloc function is used instead of calloc:

  • malloc is insecure to use, and we have calloc as a safe alternative to it, which should be used.

Do you have any plan for updating this function in your library? If yes, will it be available in the next release? Any ETA would be very helpful for me.

Following are the locations and line numbers of the malloc function used in the KSCrash code:

  • KSKrashMonitor_NSException : Line Number 71
  • KSKrashMonitor_Signal : Line Number 131, 148
  • KSKrashMonitor_System : Line Number 130, 142
  • KSKrashReport : Line Number 1829
  • KSKrashReport_Fixer : Line Number 332, 335
  • KSString : Line Number 79
  • KSFileUtils : Line Number 171, 289
  • KSJSONCodecObjC : Line Number 130
  • KSLogger : Line Number 307

Gautam-zodape, Mar 10 '22 11:03
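For readers triaging this kind of scanner finding, the following added example (not part of the issue and not KSCrash code) shows the two behaviours that separate the two calls: `calloc` receives the count and element size separately, so current libc implementations such as glibc and Apple's libc reject an overflowing product, and it returns zero-filled memory, while `malloc` needs both done by hand. `record_t` and all function names are hypothetical, constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type, constructed for this example. */
typedef struct { char name[32]; uint32_t flags; } record_t;

/* Byte count that malloc(count * sizeof(record_t)) would actually request:
 * the multiplication is done in size_t and wraps silently on overflow. */
size_t malloc_style_size(size_t count) {
    return count * sizeof(record_t);
}

/* malloc made equivalent by hand: explicit overflow check, then zero fill. */
record_t *alloc_records_malloc(size_t count) {
    if (count > SIZE_MAX / sizeof(record_t)) return NULL;
    record_t *r = malloc(count * sizeof(record_t));
    if (r != NULL) memset(r, 0, count * sizeof(record_t));
    return r;
}

/* calloc takes count and element size separately, so the allocator can
 * reject an overflowing product, and it returns zero-filled memory. */
record_t *alloc_records_calloc(size_t count) {
    return calloc(count, sizeof(record_t));
}

/* Returns 1 when every byte of the buffer is zero. */
int all_zero(const void *p, size_t n) {
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++) if (b[i] != 0) return 0;
    return 1;
}

int main(void) {
    /* volatile keeps the compiler from folding the oversized request */
    volatile size_t huge = SIZE_MAX / sizeof(record_t) + 2;
    printf("malloc would request %zu bytes for %zu records\n",
           malloc_style_size(huge), (size_t)huge);
    printf("calloc(huge): %s\n", alloc_records_calloc(huge) ? "ptr" : "NULL");
    record_t *r = alloc_records_calloc(4);
    printf("calloc(4) zeroed: %d\n", r && all_zero(r, 4 * sizeof(record_t)));
    free(r);
    return 0;
}
```

A `malloc` call whose size is a compile-time constant and whose buffer is fully written before being read gains nothing from the swap, so each flagged line is worth checking against these two properties.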