Jump to content

Found an interesting buffer overflow bug (not a security risk AFAIK)

Sparkette

By Sparkette
in Development Environment (IDE)

Recommended Posts

Sparkette Contributor

Sparkette

Posted
Posted (edited)

Easy to reproduce; just follow  these steps:

  1. Place an Initialize Array node in the block diagram
  2. Make it a large number of dimensions (really anything more than 1 will work, but do more for full effect)
  3. Do not connect anything to the Initialize Array, so it remains void
  4. Right-click the output terminal, and go to Create->Indicator
  5. Look at the index displays on the front panel.

When the array indicator is created, it's supposed to set aside memory to store the selected indices for however many dimensions are needed. But apparently, if the type is void, it only sets aside room for one dimension, leaving the additional index displays pointing to addresses that are supposed to be used for other things. I searched for the values that appeared using Cheat Engine, and sure enough, it cuts into a section of memory that looks like it's being used for something else.

 

On a side note, just for fun I changed the values on all the index displays, and one of the index displays changed to show garbage characters. Then when I closed the VI, LabVIEW crashed. So yeah, it looks like a buffer overflow.

 

This is in 2014 btw.

Edited by flarn2006
  • Like 1
Link to comment
ShaunR Proficient

ShaunR

Posted
Posted

Easy to reproduce; just follow  these steps:

  1. Place an Initialize Array node in the block diagram
  2. Make it a large number of dimensions (really anything more than 1 will work, but do more for full effect)
  3. Do not connect anything to the Initialize Array, so it remains void
  4. Right-click the output terminal, and go to Create->Indicator
  5. Look at the index displays on the front panel.

When the array indicator is created, it's supposed to set aside memory to store the selected indices for however many dimensions are needed. But apparently, if the type is void, it only sets aside room for one dimension, leaving the additional index displays pointing to addresses that are supposed to be used for other things. I searched for the values that appeared using Cheat Engine, and sure enough, it cuts into a section of memory that looks like it's being used for something else.

 

On a side note, just for fun I changed the values on all the index displays, and one of the index displays changed to show garbage characters. Then when I closed the VI, LabVIEW crashed. So yeah, it looks like a buffer overflow.

 

This is in 2014 btw.

 

Confirmed. Introduced in LV 2013 and doesn't affect LV 64 bit...

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept