pjreddie/darknet

Potential Divide By Zero Vulnerability in Darknet Project

CR7-source opened this issue · 0 comments

I have found a potential divide by zero vulnerability in the Darknet project .Can you please help me check it? Thank you for your effort and patience!
Below is the execution sequence of the program that may produce divide by zero vulnerability .

  1. darknet/src/parser.c forward_detection_layer function:On line 677, the count variable is defined to return value of option_find_int_quiet. On line 618, count is used as the divisor.
    image
  2. darknet/src/option_list.c option_find_int_quiet function:On line 124, the option_find_int_quiet will return the argument def if option_find return null.According to the source code on line 677, the def argument is 0 .
    image
  3. Base on the step 1 and 2,variable count can be 0 and is used to be divisor.