Skip to content

Alternative fix for CVE-2022-24795#242

Open
skazi0 wants to merge 1 commit into
lloyd:masterfrom
skazi0:buf-overflow-fix
Open

Alternative fix for CVE-2022-24795#242
skazi0 wants to merge 1 commit into
lloyd:masterfrom
skazi0:buf-overflow-fix

Conversation

@skazi0

@skazi0 skazi0 commented May 12, 2022

Copy link
Copy Markdown

This is a "hybrid" of #240, brianmario/yajl-ruby#211 and robohack/yajl@166b384

Using abort() to avoid heap corruption/infinite loop while not adding new requirements for clients of this library and/or complex error handling mechanisms.

The buffer reallocation could cause heap corruption because of `need`
overflow for large inputs. In addition, there's a possible infinite loop
in case `need` reaches zero.

The fix is to `abort()` if the loop ends with lower value of `need` than
when it started.
@Neustradamus

Copy link
Copy Markdown

A long time ago, I have done a ticket:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants