Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OutOfMemoryError parsing a small plist file #72

Closed
lfcnassif opened this issue Oct 26, 2022 · 4 comments
Closed

OutOfMemoryError parsing a small plist file #72

lfcnassif opened this issue Oct 26, 2022 · 4 comments
Assignees
Labels

Comments

@lfcnassif
Copy link

The attached 1.68KB plist file causes a 4GB int[] array allocation when parsed using dd-plist-1.23. It is possibly corrupted, but I think the library should defend itself against this to avoid DOS attacks. This was first reported at sepinf-inc/IPED#1403

Let me know if you need some other information.

Thanks in advance.
1061134322640399597.zip

@lfcnassif
Copy link
Author

Update: this also happens with dd-plist-1.25

@3breadt
Copy link
Owner

3breadt commented Oct 29, 2022

The property list seems to be corrupted indeed. But how the library handled that file was really not optimal. Unnecessary memory allocation when parsing binary property lists has been reduced and the issue is now fixed.

@3breadt 3breadt closed this as completed Oct 29, 2022
@lfcnassif
Copy link
Author

Thank you very much, this was very fast! I'll test the fix with another triggering file and report back.

@lfcnassif
Copy link
Author

Just tested version 1.26 with another triggering file, the fix worked fine.

Thank you very much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants