Closed
Description
Hi,
While I was auditing the frozen library using PyJFuzz, I came across a crash due to an invalid call (call rax). This is highly exploitable since it allows full control over EIP just by parsing the JSON. The testcase is below!
a735561449d2493fcaddab8c5b8147ad0622636a.txt
I didn't investigate the root cause further; anyway, it seems to be related to a callback function.
Regards,
Daniele Linguaglossa