28
edits
Changes
Jump to navigation
Jump to search
Line 142:
Line 142: − + + + + + + + + +
Pokemon Picross
| February, 2017
| February, 2017
| [[User:Nba_Yoh|MrNbaYoh]]
| [[User:Nba_Yoh|MrNbaYoh]]
|-
| Pokemon Picross
| Arbitrary memcpy via unchecked size
| When reading the savefile, the game handles some lists of buffers that are copied to memory. These buffers should always be 0x14-bytes long but the game uses the size provided in the savefile to copy them. These buffers are copied in some structs and thus with a big enough length value, one can overwrite the next struct which contains a size and a destination address for a memcpy.
| None?
| App: ?
| May 29, 2017
| June, 2016
| [[User:Nba_Yoh|MrNbaYoh]]
|}
|}