libmspack icon indicating copy to clipboard operation
libmspack copied to clipboard
verified publisher icon kyz

fix several potential vulnerabilities

Open YangY-Xiao opened this issue 7 years ago • 5 comments

fixing oob, null pointer deference

YangY-Xiao avatar Nov 14 '18 02:11 YangY-Xiao

How about the last two commits?

YangY-Xiao avatar Nov 14 '18 10:11 YangY-Xiao

so, line 495 in kwajd.c is not necessary, isn't it? https://github.com/kyz/libmspack/blob/master/libmspack/mspack/kwajd.c#L495

YangY-Xiao avatar Nov 14 '18 10:11 YangY-Xiao

Thanks very much for looking for potential vulnerabilities. What's in this patch is already fixed, but please do share any other vulnerabilities you find in future.

kyz avatar Nov 14 '18 10:11 kyz

so, line 495 in kwajd.c is not necessary, isn't it? https://github.com/kyz/libmspack/blob/master/libmspack/mspack/kwajd.c#L495

Yes, that's correct. It could just be if (lzh) lzh->sys->free(lzh);

kyz avatar Nov 14 '18 10:11 kyz

so, line 495 in kwajd.c is not necessary, isn't it? https://github.com/kyz/libmspack/blob/master/libmspack/mspack/kwajd.c#L495

Yes, that's correct. It could just be if (lzh) lzh->sys->free(lzh);

Gotcha. So, for coordinating the code should be changed.

YangY-Xiao avatar Nov 14 '18 10:11 YangY-Xiao