Sabai Phoo

Reputation: 368

Insecure APIs (_memcpy) can still be found in the iOS Application

We have developed an iOS application and found that the application binary file is using the _malloc() function somewhere inside.

otool MyAppName -Iv | grep _malloc
0x00000001008dd812 155991 _malloc
0x000000010092d9b0 155991 _malloc

otool MyAppName -Iv | grep _memcpy
0x00000001008dd818 155992 _memcpy
0x000000010092d9b8 155992 _memcpy


We have not used the malloc() function from inside our code. Not sure why this symbol is present within our binary. How can we check that function's usage, or how can we remove this memcpy from our binary?

Upvotes: 1

Views: 2011

Answers (1)

gnasher729

Reputation: 52538

You are panicking about nothing. Memcpy is perfectly safe when used to copy data from one location to another. It does exactly what it says on the tin. If a developer is too stupid to use it properly, tough.

If you look at any “safer” alternative, they will check parameters and either refuse the operation or call memcpy. So you will have memcpy somewhere.

Same with malloc. What do you think gets called when you allocate a new object in C++, Objective-C or Swift, or for a std::vec or NSArray?

Upvotes: 2
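The point made in the answer above, shown as an added example that is not part of the original answer or of any Apple API: a bounds-checked copy helper (checked_copy is a hypothetical name) validates its arguments, refuses unsafe requests, and otherwise still calls memcpy, so a binary using it normally still imports _memcpy in the symbol list that otool -Iv prints.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libc or Apple API): copy n bytes from src into a
 * destination of capacity dst_cap, refusing anything that would be unsafe.
 * Returns 0 on success, EINVAL for bad arguments, ERANGE if n does not fit. */
int checked_copy(void *dst, size_t dst_cap, const void *src, size_t n)
{
    if (dst == NULL || src == NULL)
        return EINVAL;

    if (n > dst_cap) {
        /* Refuse the copy and clear the destination so the caller cannot
         * accidentally keep working with stale contents. */
        memset(dst, 0, dst_cap);
        return ERANGE;
    }

    /* memcpy is undefined for overlapping regions, so reject those too. */
    uintptr_t d = (uintptr_t)dst;
    uintptr_t s = (uintptr_t)src;
    if ((d <= s && s - d < n) || (s < d && d - s < n))
        return EINVAL;

    /* Every check passed: the copy itself is still plain memcpy. */
    memcpy(dst, src, n);
    return 0;
}

int main(void)
{
    char buf[8] = {0};                       /* constructed sample buffer */
    const char too_long[] = "0123456789";    /* 11 bytes, does not fit */

    printf("fits:     %d\n", checked_copy(buf, sizeof buf, "abc", 4));
    printf("too long: %d\n", checked_copy(buf, sizeof buf, too_long, sizeof too_long));
    printf("overlap:  %d\n", checked_copy(buf, sizeof buf, buf + 1, 4));
    return 0;
}
```

The safety comes from the length and overlap checks in front of the call, which is what a review should look for at each copy site, rather than from the absence of the memcpy symbol.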
