flarn2006

Found an interesting buffer overflow bug (not a security risk AFAIK)


Easy to reproduce; just follow these steps:

  1. Place an Initialize Array node in the block diagram
  2. Make it a large number of dimensions (really anything more than 1 will work, but do more for full effect)
  3. Do not connect anything to the Initialize Array, so it remains void
  4. Right-click the output terminal, and go to Create->Indicator
  5. Look at the index displays on the front panel.

When the array indicator is created, it's supposed to set aside memory to store the selected indices for however many dimensions are needed. But apparently, if the type is void, it only sets aside room for one dimension, leaving the additional index displays pointing to addresses that are supposed to be used for other things. I searched for the values that appeared using Cheat Engine, and sure enough, it cuts into a section of memory that looks like it's being used for something else.

On a side note, just for fun I changed the values on all the index displays, and one of the index displays changed to show garbage characters. Then when I closed the VI, LabVIEW crashed. So yeah, it looks like a buffer overflow.

This is in 2014 btw.
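The allocation mismatch the post describes (index storage reserved for one dimension while the front panel shows several) can be modelled in a few lines of C. The following is an added example, not code from the thread or from LabVIEW; the `indicator_t` structure, the byte arena standing in for process memory, and the neighbouring value are all constructed for illustration. The arena keeps the out-of-range write well-defined so the corruption is observable, and the checked writer shows the bound a fix has to enforce: the number of slots actually reserved, not the number of dimensions displayed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of an array indicator's index-display storage; not
 * LabVIEW's real data structure. A byte arena stands in for process memory
 * so the out-of-range write stays observable and well-defined. */
#define ARENA_SIZE 256
#define TYPE_VOID 0   /* nothing wired to Initialize Array */
#define TYPE_I32  1
#define NEIGHBOUR_MAGIC 0xA5A5A5A5u   /* constructed marker for "other data" */

typedef struct { uint8_t bytes[ARENA_SIZE]; size_t next; } arena_t;

typedef struct {
    int type;             /* element type of the array */
    int ndims;            /* index displays shown on the front panel */
    size_t index_off;     /* arena offset of the int32 index slots */
    size_t index_slots;   /* slots actually reserved for them */
} indicator_t;

/* Bump allocator over the arena; returns (size_t)-1 when full. */
static size_t arena_alloc(arena_t *a, size_t n) {
    if (a->next + n > ARENA_SIZE) return (size_t)-1;
    size_t off = a->next;
    a->next += n;
    return off;
}

/* fixed == 0 reproduces the reported behaviour: a void-typed indicator gets
 * room for a single index however many dimensions it displays. */
static int create_indicator(arena_t *a, indicator_t *ind, int type, int ndims, int fixed) {
    int reserved = (!fixed && type == TYPE_VOID) ? 1 : ndims;
    ind->type = type;
    ind->ndims = ndims;
    ind->index_slots = (size_t)reserved;
    ind->index_off = arena_alloc(a, (size_t)reserved * sizeof(int32_t));
    return ind->index_off == (size_t)-1 ? -1 : 0;
}

/* Writes dim's index slot trusting ndims alone; only the arena edge (the
 * stand-in for the end of the address space) is honoured. */
static int set_index_unchecked(arena_t *a, const indicator_t *ind, int dim, int32_t v) {
    if (dim < 0 || dim >= ind->ndims) return -1;
    size_t off = ind->index_off + (size_t)dim * sizeof(int32_t);
    if (off + sizeof(int32_t) > ARENA_SIZE) return -1;
    memcpy(&a->bytes[off], &v, sizeof v);
    return 0;
}

/* Hardened writer: the reserved slot count bounds the write. */
static int set_index_checked(arena_t *a, const indicator_t *ind, int dim, int32_t v) {
    if (dim < 0 || (size_t)dim >= ind->index_slots) return -1;
    return set_index_unchecked(a, ind, dim, v);
}

/* Scenario: a 3-D void indicator followed by an unrelated 32-bit value.
 * Returns that neighbour after every index display has been written, so
 * corruption shows up as a changed value. */
uint32_t neighbour_after_writes(int fixed_alloc) {
    arena_t a = {{0}, 0};
    indicator_t ind;
    create_indicator(&a, &ind, TYPE_VOID, 3, fixed_alloc);
    size_t nb = arena_alloc(&a, sizeof(uint32_t));
    uint32_t magic = NEIGHBOUR_MAGIC, after;
    memcpy(&a.bytes[nb], &magic, sizeof magic);
    for (int d = 0; d < ind.ndims; d++)
        set_index_unchecked(&a, &ind, d, 7 + d);   /* user edits each display */
    memcpy(&after, &a.bytes[nb], sizeof after);
    return after;
}

/* Same buggy allocation, but the checked writer refuses dims beyond the
 * reserved slots; returns how many of the 3 writes were rejected. */
int rejected_writes_with_check(void) {
    arena_t a = {{0}, 0};
    indicator_t ind;
    create_indicator(&a, &ind, TYPE_VOID, 3, 0);
    int rejected = 0;
    for (int d = 0; d < ind.ndims; d++)
        if (set_index_checked(&a, &ind, d, 7 + d) != 0) rejected++;
    return rejected;
}

int main(void) {
    printf("buggy alloc: neighbour = 0x%08x (was 0x%08x)\n",
           neighbour_after_writes(0), NEIGHBOUR_MAGIC);
    printf("fixed alloc: neighbour = 0x%08x\n", neighbour_after_writes(1));
    printf("checked writer rejected %d of 3 index writes\n", rejected_writes_with_check());
    return 0;
}
```

With the buggy allocation the write for dimension 1 lands on the neighbour, which is the same effect as the "garbage characters" in the post: another object's bytes now hold an index value. The fix is either allocating `ndims` slots regardless of element type or, defensively, having the writer check against the reserved slot count rather than the displayed dimension count; doing both turns a silent memory corruption into a rejected write.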


Confirmed. Introduced in LV 2013 and doesn't affect LV 64 bit...


Hmm, just tried it with the LV versions that I have and I can reproduce it in all versions:

  7.1.1
  8
  2010 32bit
  2013 32bit
  2013 64bit
  2014 32bit
  2013 64bit


Changing a void constant with lots of dimensions to control and then back to constant causes a crash for me
