3DS Userland Flaws: Difference between revisions
m SuperMysteryChunkHax still works with current *hax payloads and firmware versions.
Pokemon Picross
Line 142: | Line 142: | ||
| February, 2017 | | February, 2017 | ||
| [[User:Nba_Yoh|MrNbaYoh]] | | [[User:Nba_Yoh|MrNbaYoh]] | ||
|- | |||
| Pokemon Picross | |||
| Arbitrary memcpy via unchecked size | |||
| When reading the savefile, the game handles some lists of buffers that are copied to memory. These buffers should always be 0x14-bytes long but the game uses the size provided in the savefile to copy them. These buffers are copied in some structs and thus with a big enough length value, one can overwrite the next struct which contains a size and a destination address for a memcpy. | |||
| None? | |||
| App: ? | |||
| May 29, 2017 | |||
| June, 2016 | |||
| [[User:Nba_Yoh|MrNbaYoh]] | |||
|} | |} | ||
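Review bot: The added Pokemon Picross row leaves both version cells unresolved (`None?` and `App: ?`), so a reader cannot tell which version of the game the unchecked savefile size was confirmed on. Record the app version that was actually tested, and keep `None` without the question mark only once a later version has been checked. The description says the buffers "should always be 0x14-bytes long" but that the game copies using the size from the savefile. It would help to state the missing check in one sentence: the length field is never compared against 0x14, or against the space left in the destination struct, before the copy. That makes the root cause clear without the reader having to infer it from the overwrite of the next struct's size and destination address. The two date cells read `May 29, 2017` followed by `June, 2016`. Confirm they sit in the same column order as the other rows in the table, since the row above shows only `February, 2017` in this view.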