Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix vulnerabilities found while checking r2 cves. #4631

Merged
merged 4 commits into from
Sep 13, 2024
Merged

Fix vulnerabilities found while checking r2 cves. #4631

merged 4 commits into from
Sep 13, 2024

Conversation

wargio
Copy link
Member

@wargio wargio commented Sep 12, 2024
edited
Loading

do not squash

Your checklist for this pull request

  • I've read the guidelines for contributing to this repository
  • I made sure to follow the project's coding style
  • I've documented or updated the documentation of every function and struct this PR changes. If not so I've explained why.
  • I've added tests that prove my fix is effective or that my feature works (if possible)
  • I've updated the rizin book with the relevant information (if needed)

Detailed description

  • Harden string limits in coresymbolication.c to make ASAN happy
  • Fix out of bound read in analysis_objc.c
  • Always check for null when calling calloc in dyldcache.c

@wargio wargio mentioned this pull request Sep 12, 2024
Closed
48 tasks
@wargio wargio marked this pull request as draft September 12, 2024 16:06
XVilka
XVilka requested changes Sep 12, 2024
View reviewed changes
Copy link
Member

@XVilka XVilka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocked until fuzzing slowness is addressed

@wargio wargio marked this pull request as ready for review September 13, 2024 01:56
@wargio wargio requested a review from XVilka September 13, 2024 03:47
@wargio wargio merged commit a29c2c3 into dev Sep 13, 2024
45 checks passed
@wargio wargio deleted the fuzz-fix-vulns branch September 13, 2024 04:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kazarmy kazarmy Awaiting requested review from kazarmy kazarmy is a code owner

@thestr4ng3r thestr4ng3r Awaiting requested review from thestr4ng3r thestr4ng3r is a code owner

@ret2libc ret2libc Awaiting requested review from ret2libc ret2libc is a code owner

@XVilka XVilka Awaiting requested review from XVilka XVilka is a code owner

Assignees
No one assigned
Labels
infrastructure Mach-O RzBin RzCore
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wargio @XVilka