Changes

216 bytes added, 19:10, 13 November 2010
no edit summary
Line 9: Line 9:  
!  Status
 
!  Status
 
!  Description
 
!  Description
|-
  −
|  Paul's Shooting Adventure
  −
|  ?
  −
|  Started
  −
|  Unknown if this has any input or high-scores.
   
|}
 
|}
   Line 27: Line 22:  
|  Dark Void Zero
 
|  Dark Void Zero
 
| High-Scores
 
| High-Scores
| No limit on length of drawn record names, no vuln with high-scores. The level var from savedata doesn't have any bounds check, this is used with array indexes. This is not exploitable since the array structs only contain char* strings and other fields.
+
| No limit on length of drawn record names, no vuln with high-scores. The level var from savedata doesn't have any bounds check, this is used with array indexes. This is not exploitable since the array structs only contain char* strings and other fields, and that var is used with level class init. Level class init fail is most likely the cause of the crash which isn't exploitable, level paths are determined by if statements and the level object is used uninitialized when the level var is out-of-bounds.
 
|-
 
|-
 
|  Dracula
 
|  Dracula
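Review bot: The added Dark Void Zero text refers to "the crash" as if it had already been introduced, but nothing earlier in the cell says that a crash occurs or which savedata value triggers it. State first that an out-of-bounds level var crashes the game, then give the suspected cause. The addition is also joined on with comma splices ("... which isn't exploitable, level paths are determined by if statements ..."). Separate sentences would make the chain easier to follow: unchecked level var, level paths chosen by if statements, level object used uninitialized. Since the cause is given as "most likely", mark the not-exploitable conclusion as unconfirmed.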
Line 40: Line 35:  
|  None
 
|  None
 
|  No high-scores or string input.
 
|  No high-scores or string input.
 +
|-
 +
|  Paul's Shooting Adventure
 +
|  None
 +
|  No string input.
 
|}
 
|}
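Review bot: The re-added Paul's Shooting Adventure row says only "No string input.", while the row removed earlier in this diff said "Unknown if this has any input or high-scores." and the row just above the addition says "No high-scores or string input." State whether high-scores were checked as well, so the open question from the old row is visibly closed.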