Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

concroob - More explanations about the check and on a real case #24

Open
marcinguy opened this issue Apr 6, 2021 · 1 comment
Open

concroob - More explanations about the check and on a real case #24

marcinguy opened this issue Apr 6, 2021 · 1 comment

Comments

@marcinguy
Copy link

What does the "Right" and value mean?

If path is possible does it mean the OOB is possible? Or it has to state "attack is possible"?

Tried to pinpoint the code, but wasn't able to... seems like this is a linked function. Don't know how to find it.

Can somebody explain the output of this check and help to diagnose the finding?

Or the bug is not "real", "effective"?

Potential OOB index of
Right 4294967295
4294967295
Name "_ZNSt3__113__vector_baseIdNS_9allocatorIdEEED2Ev_56"
is
path possible
in file
/local/frameworks/base/media/native/midi/libmidi/android_arm_armv7-a-neon_krait_core_shared/obj/frameworks/base/media/native/midi/.midi.o.ll
in function
Name "_ZNSt3__113__vector_baseIdNS_9allocatorIdEEED2Ev"
on path
[UnName 1,UnName 37,UnName 44,UnName 48]

Potential OOB index of
Right 4294967295
4294967295
Name "_ZNSt3__113__vector_baseIxNS_9allocatorIxEEED2Ev_56"
is
path possible
in file
/local/frameworks/base/media/native/midi/libmidi/android_arm_armv7-a-neon_krait_core_shared/obj/frameworks/base/media/native/midi/.midi.o.ll
in function
Name "_ZNSt3__113__vector_baseIxNS_9allocatorIxEEED2Ev"
on path
[UnName 1,UnName 37,UnName 44,UnName 48]

Potential OOB index of
Right 4294967295
4294967295
Name "_ZNSt3__113__vector_baseIiNS_9allocatorIiEEED2Ev_56"
is
path possible
in file
/local/frameworks/base/media/native/midi/libmidi/android_arm_armv7-a-neon_krait_core_shared/obj/frameworks/base/media/native/midi/.midi.o.ll
in function
Name "_ZNSt3__113__vector_baseIiNS_9allocatorIiEEED2Ev"
on path
[UnName 1,UnName 37,UnName 44,UnName 48]

C source - https://github.com/marcinguy/public/blob/master/midi.cpp
LL - https://github.com/marcinguy/public/blob/master/midi.o.ll (with debugs)

Help is appreciated.

Thanks,
@marcinguy
Copy link
Author

OK, @deian replied to other similar issue (#17)

"The path is feasible but unless the tool spits out that the attack is possible it means you can reach that block but likely can't trigger the bug."

So it seems I cannot trigger the bug.

What does the "Right" and value mean? Maximum value for a 32-bit unsigned integer in computing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@marcinguy