3DS Userland Flaws: Difference between revisions
! Timeframe this was discovered
! Discovered by
|-
| The Legend of Zelda: Ocarina of Time 3D
| UTF-16 name string buffer overflow via unchecked u8 length field
| The u8 at offset 0x2C in the savefile is the character-length of the UTF-16 string at offset 0x1C. When this string is copied, the operation is essentially a memory-copy of lenval*2 bytes, not a bounded string-copy, so an oversized length field can trigger buffer overflows at various locations depending on the string length.
A length value >=0xCD causes a crash while loading the saveslot, via a heap buffer overflow. When the value is >=0x6E it crashes when saving the saveslot. With a value >=0x9A, it crashes via stack-smash in-game once any dialog is opened (touching buttons on the touch-screen to enter certain menu(s) can trigger it too).
| None
| 
| Around October 22, 2012
| [[User:Yellows8|Yellows8]]
|-
| Cubic Ninja
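The bounds check that the unchecked lenval*2 memory-copy in the Ocarina of Time 3D row is missing, as an added example in C (not code from the game or from this wiki). The offsets 0x1C and 0x2C are the page's; the destination capacity of 8 UTF-16 units, the 0x40-byte sample image and the `check_sample` helper are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Offsets as given on this page. */
#define NAME_OFFSET     0x1C  /* UTF-16 name string */
#define NAME_LEN_OFFSET 0x2C  /* u8: name length in UTF-16 units */
/* Assumed destination capacity: the 0x10 bytes between the two offsets hold
 * 8 UTF-16 units. This is an assumption for the example, not a page fact. */
#define NAME_MAX_UNITS  8
#define SAVE_IMAGE_SIZE 0x40  /* constructed sample size, not the real save size */

/* Hardened load: the u8 length is validated against both the destination
 * capacity and the size of the save image before any bytes are copied,
 * instead of a bare memcpy of len*2. Returns UTF-16 units copied, or -1. */
int load_name_checked(const uint8_t *save, size_t save_len,
                      uint16_t *dst, size_t dst_units)
{
    if (save == NULL || dst == NULL || save_len <= NAME_LEN_OFFSET)
        return -1;
    size_t len = save[NAME_LEN_OFFSET];
    if (len > NAME_MAX_UNITS || len > dst_units)
        return -1;                       /* length field exceeds the buffer */
    if (len * 2 > save_len - NAME_OFFSET)
        return -1;                       /* would read past the save image */
    memcpy(dst, save + NAME_OFFSET, len * 2);
    memset(dst + len, 0, (dst_units - len) * sizeof *dst); /* no stale tail */
    return (int)len;
}

/* Builds a constructed save image whose only meaningful fields are the
 * name and its u8 length, then runs the checked loader on it. */
int check_sample(uint8_t lenval)
{
    uint8_t save[SAVE_IMAGE_SIZE] = {0};
    uint16_t name[NAME_MAX_UNITS];
    static const uint16_t link[] = {'L', 'i', 'n', 'k'};
    memcpy(save + NAME_OFFSET, link, sizeof link);
    save[NAME_LEN_OFFSET] = lenval;
    return load_name_checked(save, sizeof save, name, NAME_MAX_UNITS);
}
```

The three crashing thresholds the row lists (0x6E, 0x9A, 0xCD) are all rejected by the same capacity check, since each exceeds the assumed 8-unit buffer.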