Vulnerability Development mailing list archives
osx bugs in realplayer, grapher, and garage band
From: new.security () gmail com
Date: 25 Aug 2005 21:23:18 -0000
a couple of bugs i found in os x applications: real player for os x: _______________________________ realplayer's proxy preference contains an overflow when filled with a large string of characters. gdb output: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x61616169 0x90003bf4 in szone_malloc () (gdb) as shown by the output the program is trying to reach the memory adress of 0x61616169 (which translates to a string of a's) since i put a large string of a's in the proxy preference box it overwrit the correct adress in memory with a's. _______________________________ Grapher for os x: _______________________________ when copying and pasteing a large string into grapher's y value box it causes grapher to eat up memory causing a denial of service type bug. _______________________________ garage band for os x: _______________________________ if you change the composer name, itunes library, and album name in garage band's preferences to large strings then make a change to your song then press the exit button then when it asks to save say yes, it will crash Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000b2b 0x909ad0f8 in objc_msgSend ()
Current thread:
- osx bugs in realplayer, grapher, and garage band new . security (Aug 28)