Submission #769773: ThakeeNathees pocketlang master-branch Integer Overflow

Info

Title: ThakeeNathees pocketlang master-branch Integer Overflow
Description:

### Description
The crash occurs in pkByteBufferAddString due to an extremely large length value (4294967290), which suggests an integer underflow during string length calculation. This is triggered when the compiler attempts to report a "Non terminated string" error, causing the error-reporting logic itself to crash.

### Environment
- OS: Linux x86_64
- Compiler: Clang
- Build Configuration: Release mode

### Reproduce
1. Build pocketlang with Release optimization.
2. Run with the crashing [file](https://github.com/oneafter/0211/blob/main/po/repro):
```
gdb --args ./bin/pocket repro
run
bt
```

<details>
<summary>gdb stack</summary>

```
Program received signal SIGSEGV, Segmentation fault.
0x000055555556e9e3 in pkByteBufferAddString (self=self@entry=0x7fffffff8928, vm=vm@entry=0x55555559a2a0, str=0x5555555bb000 <error: Cannot access memory at address 0x5555555bb000>, str@entry=0x5555555b0357 "", length=4294967290) at src/core/value.c:40
40 self->data[self->count++] = *(str++);
(gdb) bt
#0 0x000055555556e9e3 in pkByteBufferAddString (self=self@entry=0x7fffffff8928, vm=vm@entry=0x55555559a2a0, str=0x5555555bb000 <error: Cannot access memory at address 0x5555555bb000>, str@entry=0x5555555b0357 "", length=4294967290) at src/core/value.c:40
#1 0x000055555556a1fd in reportCompileTimeError (vm=0x55555559a2a0, path=<optimized out>, line=140, source=<optimized out>, at=0x5555555b0351 "", length=157, fmt=0x5555555859e0 "Non terminated string.", args=0x7fffffff89e0) at src/core/debug.c:114
#2 0x000055555555cf1f in reportError (parser=<optimized out>, tk=..., fmt=0xffff5352 <error: Cannot access memory at address 0xffff5352>, args=0xaf516c9200fec699) at src/core/compiler.c:611
#3 syntaxError (compiler=compiler@entry=0x7fffffff8c60, tk=..., fmt=0xffff5352 <error: Cannot access memory at address 0xffff5352>) at src/core/compiler.c:627
#4 0x0000555555560b52 in eatString (compiler=0x7fffffff8c60, single_quote=<optimized out>) at src/core/compiler.c:696
#5 0x000055555555b28d in compile (vm=vm@entry=0x55555559a2a0, module=module@entry=0x5555555aef90, source=<optimized out>, options=options@entry=0x0) at src/core/compiler.c:3425
#6 0x000055555556be8b in pkRunFile (vm=vm@entry=0x55555559a2a0, path=<optimized out>) at src/core/public.c:419
#7 0x0000555555558040 in main (argc=1, argv=0x7fffffffe168) at cli/main.c:132
```
</details>
Source: ⚠️ https://github.com/ThakeeNathees/pocketlang/issues/302
User: Oneafter (UID 92781)
Submitted: 2026. 03. 02. AM 04:11 (2 months ago)
Moderation: 2026. 03. 11. PM 08:04 (10 days later)
Status: Accepted
VulDB entry: 350533 [ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce pkByteBufferAddString length memory corruption]
Points: 20
