
fix: add integer overflow check in filesystem.c...#75

Open
orbisai0security wants to merge 2 commits into
beyluta:masterfrom
orbisai0security:fix-integer-overflow-malloc-filesystem

Conversation

@orbisai0security

Summary

Fix high severity security issue in src/filesystem.c.

Vulnerability

Field     Value
ID        utils.custom.integer-overflow-malloc
Severity  HIGH
Scanner   semgrep
Rule      utils.custom.integer-overflow-malloc
File      src/filesystem.c:489

Description: Arithmetic multiplication used to compute allocation size without overflow check. If the multiplication wraps, a too-small buffer is allocated, leading to heap overflow. Check for overflow before allocating.

Changes

  • src/filesystem.c

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

Automated security fix by OrbisAI Security

Automated security fix generated by OrbisAI Security

Copilot AI left a comment


Pull request overview

This PR updates src/filesystem.c to address a reported integer-overflow-in-allocation finding and to simplify a few string copy operations.

Changes:

  • Replace strncpy + impossible NULL-return checks with direct memcpy in path helper functions.
  • Switch filename buffer allocation from malloc(sizeof(char) * (MAX_STR_SIZE + 1)) to calloc(MAX_STR_SIZE + 1, sizeof(char)).
  • Replace strncpy with memcpy when copying dirent->d_name into the allocated buffer.


@orbisai0security

Review Feedback Addressed

I've automatically addressed 2 review comment(s):

Two functions in src/filesystem.c have off-by-one / leading-slash bugs in their manual backward-scan loops:

  1. ww_get_root_dir: loops i from len down to 1 (exclusive of 0), so a leading / at index 0 is never matched. Input "/file" returns "/file" instead of "/". Replacing the loop with strrchr and treating a slash at position 0 as end = 1 fixes the edge case.

  2. ww_get_filename_from_absolute_path: sets start = i (the index of the / itself) and copies from &src[start], so the result includes the leading slash (e.g. "/tmp/a.txt" → "/a.txt"). It also misses a / at index 0. Replacing with strrchr and copying from slash + 1 fixes both problems.

Files modified:

  • src/filesystem.c

The changes have been pushed to this PR branch. Please review!
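The two strrchr-based fixes described in the reply above, together with an overflow-checked allocation for the original semgrep finding, as an added example written for this page (not the project's own code; the `example_` functions are hypothetical stand-ins for ww_get_root_dir and ww_get_filename_from_absolute_path, and the destination-buffer parameters are assumed):

```c
/* Added example, not code from the PR: strrchr-based path helpers matching the
 * behaviour described in the review reply, plus a wrap-safe allocation helper
 * for the "integer overflow in malloc size" finding. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Allocate count * size bytes only when the product cannot wrap around.
 * A wrapped product would allocate a too-small buffer (the reported heap overflow). */
void *example_alloc_array(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size)
        return NULL;            /* refuse instead of under-allocating */
    return calloc(count, size); /* calloc also zero-fills the buffer */
}

/* Copy the directory part of an absolute path into dst (dst_len bytes).
 * "/tmp/a.txt" -> "/tmp"; "/file" -> "/" (a slash at index 0 is now handled).
 * Returns dst, or NULL when src has no slash or dst is too small. */
char *example_get_root_dir(const char *src, char *dst, size_t dst_len)
{
    const char *slash = strrchr(src, '/');
    if (slash == NULL)
        return NULL;
    /* Slash at position 0 means the root directory itself: keep exactly "/" */
    size_t end = (slash == src) ? 1 : (size_t)(slash - src);
    if (end + 1 > dst_len)
        return NULL;
    memcpy(dst, src, end);
    dst[end] = '\0';
    return dst;
}

/* Copy the component after the last slash: "/tmp/a.txt" -> "a.txt".
 * Copying from slash + 1 drops the leading slash the old loop kept. */
char *example_get_filename(const char *src, char *dst, size_t dst_len)
{
    const char *slash = strrchr(src, '/');
    const char *name = slash ? slash + 1 : src; /* no slash: whole string is the name */
    size_t n = strlen(name);
    if (n + 1 > dst_len)
        return NULL;
    memcpy(dst, name, n + 1); /* includes the terminating NUL */
    return dst;
}
```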
