Fix memory corruption in NSException.

If compiling without backtrace or BFD support, we initialise the
location to store return addresses incorrectly, leaving a dangling
pointer which we then write over.

Most consumers never read this, so it seemed to work most of the time by
just overwriting a random bit of memory.

This probably has security implications, because throwing an exception
can clobber random bits of memory, though not with attacker-controlled
data.
David Chisnall 2018-04-07 11:02:04 +01:00
parent 0ebb50f984
commit 3b1e94ec5d
3 changed files with 145 additions and 2 deletions


@ -881,6 +881,12 @@ typedef NSUInteger NSStringEncodingConversionOptions;
@end
#ifdef __OBJC_GNUSTEP_RUNTIME_ABI__
# if __OBJC_GNUSTEP_RUNTIME_ABI__ >= 20
# define GNUSTEP_NEW_STRING_ABI
# endif
#endif
/**
* <p>The NXConstantString class is used to hold constant 8-bit character
* string objects produced by the compiler where it sees @"..." in the
@ -908,8 +914,16 @@ typedef NSUInteger NSStringEncodingConversionOptions;
@interface NXConstantString : NSString
{
@public
#ifdef GNUSTEP_NEW_STRING_ABI
uint32_t flags;
uint32_t nxcslen;
uint32_t size;
uint32_t hash;
const char * const nxcsptr;
#else
const char * const nxcsptr;
const unsigned int nxcslen;
#endif
}
@end