Fix memory corruption in NSException.

If compiling without backtrace or BFD support, we initialise the
location to store return addresses incorrectly, leaving a dangling
pointer which we then write over.

Most consumers never read this, so it seemed to work most of the time by
just overwriting a random bit of memory.

This probably has security implications, because throwing an exception
can clobber random bits of memory, though not with attacker-controlled
data.
David Chisnall 2018-04-07 11:02:04 +01:00
parent 0ebb50f984
commit 3b1e94ec5d
3 changed files with 145 additions and 2 deletions


@ -966,7 +966,7 @@ GSPrivateReturnAddresses(NSUInteger **returns)
{
jbuf_type *env;
returns = malloc(numReturns * sizeof(void*));
*returns = malloc(numReturns * sizeof(void*));
env = jbuf();
if (sigsetjmp(env->buf, 1) == 0)
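Review bot: the corrected line `*returns = malloc(numReturns * sizeof(void*));` now stores the buffer through the out-parameter instead of into the local `returns`, which is the right fix, but the allocation result is still unchecked before the code goes on to fill the array; if `malloc` fails, `*returns` is NULL and the later stores dereference it. Suggest guarding it immediately, e.g. `if (*returns == NULL) { /* bail out, leaving the caller's pointer NULL */ }`. Minor: the parameter is declared `NSUInteger **returns`, so sizing the block with `sizeof(NSUInteger)` (or `sizeof(**returns)`) rather than `sizeof(void*)` would make the allocation self-documenting and robust on any platform where the two differ.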