david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OOB fix in set_abort_reason_auxiliary_buffer

Browse Source 
passing a message size larger than the size of the msg buffer to
set_abort_reason_auxiliary_buffer() may lead to an out-of-bounds read.
This commit is contained in:
rh0 2024-09-30 21:57:37 +02:00
parent e5e1c4c21f
commit 0533f3f67e
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nyx/helpers.c
View File

@ -28,6 +28,8 @@ void nyx_abort(const char *fmt, ...)
msglen = vsnprintf(msg, sizeof(msg), fmt, ap); msglen = vsnprintf(msg, sizeof(msg), fmt, ap);
va_end(ap); va_end(ap);
msglen = MIN(msglen, sizeof(msg));
nyx_error("%s\n", msg); nyx_error("%s\n", msg);
set_abort_reason_auxiliary_buffer(GET_GLOBAL_STATE()->auxilary_buffer, msg, set_abort_reason_auxiliary_buffer(GET_GLOBAL_STATE()->auxilary_buffer, msg,
msglen); msglen);