Submission #769773: ThakeeNathees pocketlang master-branch Integer Overflow

Title: ThakeeNathees pocketlang master-branch Integer Overflow
Description:

### Description

The crash occurs in pkByteBufferAddString due to an extremely large length value (4294967290), which suggests an integer underflow during string length calculation. This is triggered when the compiler attempts to report a "Non terminated string" error, causing the error-reporting logic itself to crash.

### Environment

- OS: Linux x86_64
- Compiler: Clang
- Build Configuration: Release mode

### Reproduce

1. Build pocketlang with Release optimization.
2. Run with the crashing [file](https://github.com/oneafter/0211/blob/main/po/repro):

```
gdb --args ./bin/pocket repro
run
bt
```

<details>
<summary>gdb stack</summary>

```
Program received signal SIGSEGV, Segmentation fault.
0x000055555556e9e3 in pkByteBufferAddString (self=self@entry=0x7fffffff8928, vm=vm@entry=0x55555559a2a0, str=0x5555555bb000 <error: Cannot access memory at address 0x5555555bb000>, str@entry=0x5555555b0357 "", length=4294967290) at src/core/value.c:40
40          self->data[self->count++] = *(str++);
(gdb) bt
#0  0x000055555556e9e3 in pkByteBufferAddString (self=self@entry=0x7fffffff8928, vm=vm@entry=0x55555559a2a0, str=0x5555555bb000 <error: Cannot access memory at address 0x5555555bb000>, str@entry=0x5555555b0357 "", length=4294967290) at src/core/value.c:40
#1  0x000055555556a1fd in reportCompileTimeError (vm=0x55555559a2a0, path=<optimized out>, line=140, source=<optimized out>, at=0x5555555b0351 "", length=157, fmt=0x5555555859e0 "Non terminated string.", args=0x7fffffff89e0) at src/core/debug.c:114
#2  0x000055555555cf1f in reportError (parser=<optimized out>, tk=..., fmt=0xffff5352 <error: Cannot access memory at address 0xffff5352>, args=0xaf516c9200fec699) at src/core/compiler.c:611
#3  syntaxError (compiler=compiler@entry=0x7fffffff8c60, tk=..., fmt=0xffff5352 <error: Cannot access memory at address 0xffff5352>) at src/core/compiler.c:627
#4  0x0000555555560b52 in eatString (compiler=0x7fffffff8c60, single_quote=<optimized out>) at src/core/compiler.c:696
#5  0x000055555555b28d in compile (vm=vm@entry=0x55555559a2a0, module=module@entry=0x5555555aef90, source=<optimized out>, options=options@entry=0x0) at src/core/compiler.c:3425
#6  0x000055555556be8b in pkRunFile (vm=vm@entry=0x55555559a2a0, path=<optimized out>) at src/core/public.c:419
#7  0x0000555555558040 in main (argc=1, argv=0x7fffffffe168) at cli/main.c:132
```

</details>
Source: https://github.com/ThakeeNathees/pocketlang/issues/302
User: Oneafter (UID 92781)
Submitted: 02/03/2026 04h11 (2 months ago)
Moderated: 11/03/2026 20h04 (10 days later)
Status: Accepted
VulDB Entry: 350533 [ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce pkByteBufferAddString length buffer overflow]
Points: 20
