I was wondering if I would get a PR from some LLM on one of my repositories and lo! It has come to pass. I just received a notification that I have a PR for my 6809 assembler:

Description: Four memcpy calls in opcodes.c copy opd->sz bytes from attacker-controlled source buffers (textstring.buf or buffer) into the fixed-size destination opd->bytes. The copy length opd->sz is derived from attacker-controlled assembly source input and is used directly without verifying it against the actual allocated size of opd->bytes or the actual length of the source buffer. When opd->sz exceeds the destination allocation, the memcpy writes beyond the end of opd->bytes, corrupting adjacent heap memory. On glibc systems this can be leveraged via tcache poisoning or other heap exploitation techniques to achieve arbitrary code execution. …

Automated security fix by OrbisAI

Security fix: add bounds check before memcpy in opcodes.c

Okay. Let's see what you got. The table summary above the description lists…
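The kind of bounds check the PR description says it adds, written out as an added example that is neither the assembler's code nor the PR's diff (the struct layout, the OPERAND_MAX_BYTES capacity and the helper names are assumed): the copy is refused when the requested length would exceed either the destination's capacity or the source's length.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical operand record with a fixed-size byte buffer, standing in
 * for the opd->bytes the PR description talks about.  The real assembler's
 * struct is not on the page; the capacity below is an assumption. */
#define OPERAND_MAX_BYTES 8

struct operand {
    size_t        sz;                       /* bytes actually in use */
    unsigned char bytes[OPERAND_MAX_BYTES]; /* fixed-size destination */
};

/* Copy sz bytes from src into opd->bytes only if both the destination
 * capacity and the source length can hold them.  Returns false, leaving
 * opd untouched, when the copy would overrun either buffer. */
bool operand_set_bytes(struct operand *opd, const unsigned char *src,
                       size_t src_len, size_t sz)
{
    if (opd == NULL || src == NULL)
        return false;
    if (sz > sizeof opd->bytes)   /* would write past the end of opd->bytes */
        return false;
    if (sz > src_len)             /* would read past the end of the source */
        return false;
    memcpy(opd->bytes, src, sz);
    opd->sz = sz;
    return true;
}

/* Constructed 16-byte source used by the two drivers below. */
static const unsigned char sample_src[] = "0123456789ABCDEF";

/* Try to store n bytes from the full constructed source.  Returns 1 if the
 * copy was accepted and the bytes match, 0 if it was rejected, -1 on a
 * mismatch (which should never happen). */
int try_operand(size_t n)
{
    struct operand opd;
    memset(&opd, 0, sizeof opd);
    if (!operand_set_bytes(&opd, sample_src, sizeof sample_src - 1, n))
        return 0;
    return (opd.sz == n && memcmp(opd.bytes, sample_src, n) == 0) ? 1 : -1;
}

/* Same, but pretend the source only holds src_len bytes, so the
 * source-length check is the one that can fire. */
int try_short_source(size_t src_len, size_t n)
{
    struct operand opd;
    memset(&opd, 0, sizeof opd);
    return operand_set_bytes(&opd, sample_src, src_len, n) ? 1 : 0;
}
```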