丰县人别扫!这张特殊二维码可致微信闪退
<p style="margin-top: 0px; margin-bottom: 28px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000; font-size: 16px; line-height: 32px; text-align: justify; color: rgb(59, 59, 59); word-break: break-word; font-family: PingFang SC, Microsoft YaHei, Helvetica, Hiragino Sans GB, WenQuanYi Micro Hei, sans-serif; letter-spacing: 0.5px; white-space: normal; background-color: rgb(255, 255, 255);">最近,一张二维码照片在互联网上流传开来。扫描或打开该图片会导致<a href="https://www.chinaz.com/tags/weixinshantui.shtml" target="_blank" style="margin: 0px; padding: 0px 0px 2px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000; color: rgb(66, 66, 66); text-decoration-line: none; position: relative; z-index: 0; cursor: pointer;"><span style="margin: 0px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000;">微信闪退</span></a>。如果出现短时间内多次闪退,微信将进入安全模式,迫使用户退出账号。<p style="margin-top: 0px; margin-bottom: 28px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000; font-size: 16px; line-height: 32px; text-align: justify; color: rgb(59, 59, 59); word-break: break-word; font-family: PingFang SC, Microsoft YaHei, Helvetica, Hiragino Sans GB, WenQuanYi Micro Hei, sans-serif; letter-spacing: 0.5px; white-space: normal; background-color: rgb(255, 255, 255);">目前,用户已经发现,造成此问题的是微信扫码引擎中的一个内存读写Bug。这类<a href="https://www.chinaz.com/tags/809205.shtml" target="_blank" style="margin: 0px; padding: 0px 0px 2px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000; color: rgb(66, 66, 66); text-decoration-line: none; position: relative; z-index: 0; cursor: pointer;"><span style="margin: 0px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000;">恶意图片</span></a>通过无效的内存访问来导致wechat_qrcode模块崩溃。
<p class="article-content__img" style="margin-top: 0px; margin-bottom: 28px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000; font-size: 16px; line-height: 32px; text-align: center; color: rgb(59, 59, 59); word-break: break-word; font-family: PingFang SC, Microsoft YaHei, Helvetica, Hiragino Sans GB, WenQuanYi Micro Hei, sans-serif; letter-spacing: 0.5px; display: flex; -webkit-box-align: center; align-items: center; -webkit-box-pack: center; justify-content: center; flex-direction: column; white-space: normal; background-color: rgb(255, 255, 255);"><span style="text-align: justify;">具体而言,如果传入的参数bits_是内容为空,但长度非零的ByteSegment,此时bits.available () 将返回0,而count也将被更新为0。但与此同时,nBytes并没有更新,而是保持非0,这将导致后续的append函数访问空指针readBytes读取nBytes数据,导致程度异常终止。</span>
<p class="article-content__img" style="margin-top: 0px; margin-bottom: 28px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000; font-size: 16px; line-height: 32px; text-align: center; color: rgb(59, 59, 59); word-break: break-word; font-family: PingFang SC, Microsoft YaHei, Helvetica, Hiragino Sans GB, WenQuanYi Micro Hei, sans-serif; letter-spacing: 0.5px; display: flex; -webkit-box-align: center; align-items: center; -webkit-box-pack: center; justify-content: center; flex-direction: column; white-space: normal; background-color: rgb(255, 255, 255);">
<p style="margin-top: 0px; margin-bottom: 28px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000; font-size: 16px; line-height: 32px; text-align: justify; color: rgb(59, 59, 59); word-break: break-word; font-family: PingFang SC, Microsoft YaHei, Helvetica, Hiragino Sans GB, WenQuanYi Micro Hei, sans-serif; letter-spacing: 0.5px; white-space: normal; background-color: rgb(255, 255, 255);">目前,有用户在GitHub提交了该Bug的代码修复,微信官方预计将在下一个版本中整合用户的修复补丁。
<p style="margin-top: 0px; margin-bottom: 28px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000; font-size: 16px; line-height: 32px; text-align: justify; color: rgb(59, 59, 59); word-break: break-word; font-family: PingFang SC, Microsoft YaHei, Helvetica, Hiragino Sans GB, WenQuanYi Micro Hei, sans-serif; letter-spacing: 0.5px; white-space: normal; background-color: rgb(255, 255, 255);">虽然闪退不会严重影响微信的使用,但为了安全起见,在微信官方修复问题之前,<span class="spamTxt" style="margin: 0px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000;">最好</span>不要打开或扫描存在问题的二维码。
<p style="margin-top: 0px; margin-bottom: 28px; padding: 0px; box-sizing: border-box; outline: 0px; border-width: 0px; border-style: solid; border-color: rgb(229, 231, 235); --tw-shadow:0 0 #0000; --tw-ring-inset:var(--tw-empty, ); --tw-ring-offset-width:0px; --tw-ring-offset-color:#fff; --tw-ring-color:rgba(41, 110, 228, 0.5); --tw-ring-offset-shadow:0 0 #0000; --tw-ring-shadow:0 0 #0000; font-size: 16px; line-height: 32px; text-align: center; color: rgb(59, 59, 59); word-break: break-word; font-family: PingFang SC, Microsoft YaHei, Helvetica, Hiragino Sans GB, WenQuanYi Micro Hei, sans-serif; letter-spacing: 0.5px; white-space: normal; background-color: rgb(255, 255, 255);">
<link rel="stylesheet" href="//bbs.221700.com/source/plugin/wcn_editor/public/wcn_editor_fit.css?v134_QwW" id="wcn_editor_css"/> 二维码里面的bug 感谢分享 咋办 这新闻一发我好想扫一扫看会咋样{:13_603:} 感谢分享! 感谢分享! 还有这套路 现在的骗子很多
页:
[1]