Expected Behavior
memory is not supposed to get corrupted by the library that opens files case-insensitively
Actual Behavior
memory gets corrupted by the library that opens files case-insensitively
Steps to Reproduce
Hi!
Whilst trying to open a file case-insensitively I came across a codebase that seemed to do the job. But clang's address sanitizer was having none of it! It turns out that there is an off-by-one error in the buffer size allocation of fcaseopen causing a null terminator to be strcpy'd into unmanaged memory. I reported the problem to the original project but I decided I'd also let everyone I could find who still had the vulnerability floating around copies of it know as well.
You can find more information about it here: OneSadCookie/fcaseopen#2
Thanks,
Aaron.
Screenshots
No response
Log File
No response
Decompilation Version
all of them
Game Version
Blit Release (Steam/XBOX 360/PS3)
Game Revision
No response
Script Platform Type
Standard
Renderer Type
Software Renderer
Platform
N/A
Additional Comments
No response
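The bug class described in the report above, as an added example that is not code from fcaseopen or from this project: a buffer sized without room for the terminator makes `strcpy` write one byte past the allocation, and a bounds-checked copy rejects that write. All function names and the sample path are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration: helper names and the sample path are constructed,
 * none of this is fcaseopen's code. */

/* The off-by-one pattern: room for the characters, none for the NUL. */
size_t undersized_capacity(const char *src) { return strlen(src); }

/* Bytes strcpy(dst, src) would write past a dst of `cap` bytes. */
size_t overflow_bytes(size_t cap, const char *src)
{
    size_t need = strlen(src) + 1;          /* characters + terminator */
    return need > cap ? need - cap : 0;
}

/* Bounds-checked copy: 0 on success, -1 if dst cannot hold src + NUL. */
int copy_checked(char *dst, size_t cap, const char *src)
{
    size_t need = strlen(src) + 1;
    if (dst == NULL || need > cap)
        return -1;
    memcpy(dst, src, need);                 /* copies the NUL as well */
    return 0;
}

int main(void)
{
    const char *path = "Data/Game.bin";     /* constructed sample path */
    size_t bad = undersized_capacity(path);
    size_t good = strlen(path) + 1;
    char *buf = malloc(good);
    if (buf == NULL)
        return 1;

    printf("strcpy into %zu bytes overruns by %zu byte(s)\n",
           bad, overflow_bytes(bad, path));
    printf("checked copy, cap=%zu: %d\n", bad, copy_checked(buf, bad, path));
    printf("checked copy, cap=%zu: %d\n", good, copy_checked(buf, good, path));
    free(buf);
    return 0;
}
```

Building with `-fsanitize=address` catches the same class of write at run time when an unchecked `strcpy` is used instead.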