OOB access when parse_rela_sect_smart failed
ThomasKing2014 opened this issue · comments
`if ((size_t)p - (size_t)kern_buf >= kern_mmap_size) {`
should be
`if ((size_t)p + sizeof(*p) - (size_t)kern_buf >= kern_mmap_size) {`
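The difference between checking only where a record starts and checking the whole record, as an added example that is not code from the repository or from the issue author. The record type `rela_t`, the 64-byte `sample_map` and all function names are assumptions made for illustration; `map` and `map_size` play the role of `kern_buf` and `kern_mmap_size`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 24-byte record standing in for whatever *p points at. */
typedef struct { uint64_t r_offset, r_info; int64_t r_addend; } rela_t;

/* Constructed 64-byte "mapping": room for two whole records plus 16 bytes. */
static uint8_t sample_map[64];

/* Start-only test, the shape of the first line quoted in the issue:
 * true whenever the record's first byte is inside the mapping. */
static int start_in_bounds(size_t map_size, size_t off)
{
    return off < map_size;
}

/* Whole-record test in offset form. Subtracting from map_size instead of
 * adding to off means a huge off or rec_size cannot wrap around. */
static int record_in_bounds(size_t map_size, size_t off, size_t rec_size)
{
    return off <= map_size && rec_size <= map_size - off;
}

/* Walk a relocation section; return the record count, or -1 as soon as a
 * record would extend past the mapping. */
static long count_rela(const uint8_t *map, size_t map_size,
                       size_t sect_off, size_t sect_size)
{
    long n = 0;
    for (size_t off = sect_off; sect_size >= sizeof(rela_t);
         off += sizeof(rela_t), sect_size -= sizeof(rela_t)) {
        rela_t r;
        if (!record_in_bounds(map_size, off, sizeof r))
            return -1;
        memcpy(&r, map + off, sizeof r);   /* safe even if off is unaligned */
        n++;
    }
    return n;
}

int main(void)
{
    printf("start-only check at 48: %d\n", start_in_bounds(sizeof sample_map, 48));
    printf("whole-record check at 48: %d\n",
           record_in_bounds(sizeof sample_map, 48, sizeof(rela_t)));
    return 0;
}
```

At offset 48 the start-only check passes although the record would end at byte 72 of a 64-byte mapping; the whole-record check rejects it and `count_rela` stops before reading.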
Android/Linux vmlinux loader