Skip to content

Missing NULL check in _gum_quick_scope_enter #1097

New issue
New issue
Open
Open
Missing NULL check in _gum_quick_scope_enter#1097
@v-p-b

Description

@v-p-b
v-p-b
opened on Feb 25, 2026

I stumbled upon a crash related to this line when using 17.7.2:

frida-gum/bindings/gumjs/gumquickcore.c

Lines 1945 to 1946 in 7804914

if (core->interceptor != NULL)
gum_interceptor_begin_transaction (core->interceptor->interceptor);

I noticed that the downstream logic changed somewhat in at version 17.7.3 but I think the original root cause wasn't remediated: while the code checks if core->interceptor is NULL it doesn't check if core->interceptor->interceptor (notice the additional indirection) is a valid pointer which will cause a NULL-adjacent access in gum_interceptor_begin_transaction:

frida-gum/gum/guminterceptor.c

Lines 944 to 947 in 7804914

gum_interceptor_transaction_begin (GumInterceptorTransaction * self)
{
self->level++;
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions