From 564df5b8041ce846f6f29607e1acf42b7aed59ed Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Tue, 31 Mar 2026 09:54:39 +0000
Subject: [PATCH] fix: the calculator engine component uses unsafe mem... in exprtk.hpp

The Calculator Engine component uses unsafe memcpy operations without bounds checking at lines 44251 and 44317 in exprtk
---
 src/common/CalculatorEngineCommon/exprtk.hpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/common/CalculatorEngineCommon/exprtk.hpp b/src/common/CalculatorEngineCommon/exprtk.hpp
index 6ad76542f46e..ebe2055176e8 100644
--- a/src/common/CalculatorEngineCommon/exprtk.hpp
+++ b/src/common/CalculatorEngineCommon/exprtk.hpp
@@ -44248,6 +44248,11 @@ namespace exprtk
 const std::size_t fd_size = sizeof(details::file_descriptor*);
 details::file_descriptor* fd = reinterpret_cast(0);
 
+ if (sizeof(T) < fd_size)
+ {
+ throw std::runtime_error("exprtk::rtl::io::file - Error - pointer size larger than holder.");
+ }
+
 std::memcpy(reinterpret_cast(&fd),
 reinterpret_cast(&v ),
 fd_size);
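Review bot: The added guard `if (sizeof(T) < fd_size)` compares two compile-time constants, so a too-small `T` is only reported when this code runs; on a C++11-or-later build, `static_assert(sizeof(T) >= sizeof(details::file_descriptor*), "exprtk::rtl::io::file - pointer size larger than holder");` would reject that instantiation at compile time and leave no throwing path in front of the `std::memcpy`. The commit description names two memcpy sites (lines 44251 and 44317), but the patch contains a single hunk at 44248, so the second site appears untouched; if it copies `fd_size` bytes into a `T`, that is the write side of the same size mismatch and needs the same check. The enclosing function begins and ends outside the hunk, so whether its callers handle `std::runtime_error` cannot be confirmed from here.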