IT House news on April 26th, according to contributions from many IT House netizens, a QR code picture has been widely circulated across the Internet recently. Opening the picture in WeChat (or long pressing) will cause WeChat to If it crashes repeatedly, WeChat will enter safe mode and the account will be forced to log out.
According to the latest news from the OpenCV China team, This bug appeared in WeChat’s code scanning engine (IT House Note: The WeChat team open sourced its code scanning engine in OpenCV in 2021 engine).
According to the memory read and write bug discovered by GitHub users Konano and GZTimeWalker, Maliciously crafted images can cause the wechat_qrcode module to crash through invalid memory access.
The problem occurs in DecodedBitStreamParser::decodeByteSegment. As shown in the code below, if the incoming parameter bits_ is a ByteSegment with empty content but non-zero length, bits.available () returns 0, and then count is updated to 0, but nBytes remains non-0 without updating. . This will cause the subsequent append function to access the null pointer readBytes to read nBytes data, causing the program to terminate.
Currently this bug has been fixed by users submitting code, and the open source is still very fast. However, in the IT Home test, WeChat has not yet followed up and fixed it. At present, scanning the code will still crash. It may have to wait until the next version.
Articles are uploaded by users and are for non-commercial browsing only. Posted by: Lomu, please indicate the source: https://www.daogebangong.com/en/articles/detail/te-shu-er-wei-ma-tu-pian-feng-chuan-quan-wang-ke-dao-zhi-wei-xin-shan-tui-sao-ma-Bug-yi-bei-zhao-dao.html
支付宝扫一扫 
评论列表(196条)
测试