Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-9167] iOS: Range and sanity check memory allocations via malloc that would reasonably be over 2KB.

GitHub Issue: n/a
Type: Story
Priority: High
Status: Closed
Resolution: Fixed
Resolution Date: 2012-05-21T15:24:00.000+0000
Affected Version/s: Release 2.0.1
Fix Version/s: Release 2.1.0, Sprint 2012-10 API
Components: iOS
Labels: core
Reporter: Ingo Muschenetz
Assignee: Ingo Muschenetz
Created: 2012-05-17T13:17:53.000+0000
Updated: 2014-02-04T01:09:17.000+0000

Description

An analysis was performed, and checking for the possibility of malloc producing a NULL value is not being done. In the majority of cases, these allocations are small constant sizes (such as the size of an internet address structure) and do not need checks (the iOS watchdog would be shutting things down long beforehand). However, I did note a few places where such checks may be of use:

* AsyncUdpSocket.m uses a DEFAULT_MAX_RECEIVE_BUFFER_SIZE of 9KB.
* AudioStreamer relies on getting a value from iOS for the size of the buffer to allocate.
* NSData * decode64 (NSData * thedata) may be dealing with base64 encodings of binary blobs in the multi-kilobytes.
* -[TiDataStream writeToStream:chunkSize:callback:] and -[TiDataStream pumpToCallback:chunkSize:synch:] do not check the sign or value of size before using it in a malloc, nor does its subclass TiFilesystemStreamProxy.
* TiNetworkTCPSocketProxy uses a bufferSize of 4KB.
* TiUIWebView and UtilsModule, when preparing to Base64Encode, do not check the malloc caused by an estimated encoded data size.
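The two kinds of check the description asks for (the sign and range of a caller-supplied chunk size, and an estimated Base64 output size), written in plain C as an added example; it is not code from the ticket or from the Titanium SDK. The function names and the `MAX_ALLOC_BYTES` cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical upper bound for this example; the ticket names no limit. */
#define MAX_ALLOC_BYTES ((size_t)16 * 1024 * 1024)

/* Allocate a chunk buffer from a signed, caller-supplied size (the
 * chunkSize case). Returns NULL without allocating when the size is
 * non-positive or above the cap, and also when malloc itself fails. */
void *alloc_chunk(long long chunk_size, size_t *out_len)
{
    *out_len = 0;
    if (chunk_size <= 0) return NULL;                       /* sign check  */
    if ((unsigned long long)chunk_size > MAX_ALLOC_BYTES)   /* range check */
        return NULL;
    void *buf = malloc((size_t)chunk_size);
    if (buf != NULL) *out_len = (size_t)chunk_size;
    return buf;                                             /* may be NULL */
}

/* Base64 output length for n input bytes: 4 * ceil(n / 3).
 * Returns 0 if the multiplication would wrap size_t, 1 otherwise. */
int base64_encoded_size(size_t n, size_t *out)
{
    size_t groups = n / 3 + (n % 3 != 0);
    if (groups > SIZE_MAX / 4) return 0;
    *out = groups * 4;
    return 1;
}

/* Allocate the encode buffer (plus a NUL terminator), checking the
 * size estimate, the cap, and the malloc result. */
char *alloc_base64_buffer(size_t input_len, size_t *out_len)
{
    size_t enc = 0;
    *out_len = 0;
    if (!base64_encoded_size(input_len, &enc)) return NULL;
    if (enc >= MAX_ALLOC_BYTES) return NULL;
    char *buf = malloc(enc + 1);
    if (buf == NULL) return NULL;
    buf[enc] = '\0';
    *out_len = enc;
    return buf;
}
```

Callers treat a NULL return as a failed read or encode and return an error, rather than writing through the pointer.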

Comments

No comments
