Dhiraj Mishra

icon indicating a website link www.inputzero.io

icon company Inputzero icon location Planet Earth icon location (!=1337)

Results 10 issues of Dhiraj Mishra

Potentially used usleep()

1 comment

File: catimg/blob/master/src/catimg.c#L138 i.e `usleep(img.delays[frame - 1] * 10000);` The `usleep()` function suspends execution of the calling thread for (at least) usec microseconds. The parameter you pass is a minimum time...

Regular expression dictionary

Adding `regexp.dict` Reference: https://twitter.com/RandomDhiraj/status/1204089908131979264

Assertion '(c & LIT_UTF8_4_BYTE_MASK) == LIT_UTF8_4_BYTE_MARKER' failed atlit-strings.c(lit_read_code_point_from_utf8)

**Commit:** 0ef509458e296056f0ccd48f4ea264134f3e5e06 **Tested on:** Ubuntu 18.04 LTS ## Build Steps ``` python ./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --stack-limit=20 ``` ## Execution steps &...

time-of-check, time-of-use race condition

Team, File: libsmbios/blob/master/src/libsmbios_c/smi/smi_linux.c#L307 ``` int __hidden wmi_supported() { if (access(wmi_char, F_OK) != -1) return 1; return 0; } ``` I believe this indicates a security flaw, If an attacker can...

Address bar spoofing

3 comment

Hi Team, A security issue was observed while performing bulk test-cases on `qupzilla browser`. Steps to reproduce the issue: 1. Open qupzilla 2. Open `spoof.html` 3. Drag the link to...

sprintf without bounds

From Brave: https://github.com/brave/browser-ios/blob/development/brave/node_modules/tracking-protection/node_modules/cppunitlite/src/SimpleString.cpp#L85 `sprintf (buffer, "%lf", value);` Does not check for buffer overflows, If message's length > str's length, there's a buffer overflow. This issue was reported to brave via...

[SECURITY] out-of-bound in commandoption.c

5 comment

### Summary While fuzzing `fastfetch` (4175dfdc3a9990060c9d7681da86702d2639b3ad) it was found that the application suffers from out-of-bound due to lack of input validation, allowing application to crash via a crafted configuration files...

bug

[SECURITY] stack-buffer-overflow in dictionary.c

### Summary While fuzzing `espeak-ng` it was found that the application suffers from stack-buffer-overflow via a crafted file under `RemoveEnding` function, which is located in the `dictionary.c` ### ASAN ```...

[SECURITY] heap-buffer-overflow in message.cpp

### Summary While fuzzing `sipp` (0254e2fa771f331053f8190280b6baf27927b574) it was found that the application suffers from out-of-bound via crafted XML files with a valid scenario, leading to denial or service or code...

Chrome OSX (cve_2021_21220_v8_insufficient_validation)

I am not sure if I am doing something wrong here but I am encountering the below error when, I am testing for "`cve_2021_21220_v8_insufficient_validation`" against macOS with a vulnerable browser,...

bug