
Release v1.1.1: Stack Allocation Math Refactoring for Low-Address Pointer Underflow Security


@gooderfreed gooderfreed released this 23 Jun 13:58
6f2f0a2

This release introduces a critical security and robustness update for bare-metal systems: the boundary check in estack_alloc_aligned is restated in terms of sizes and offsets so that it can no longer be bypassed by pointer underflow.

Security & Robustness (Low-Address Architectures)

  • Pointer Underflow Prevention: Fixed a potential pointer underflow in estack_alloc_aligned on microcontrollers and raw hardware platforms where RAM is mapped near the bottom of the address space (base addresses close to 0x0). With the stack that close to address 0, subtracting the alignment and metadata adjustments from a pointer can wrap around, and a comparison of raw addresses then accepts an allocation that lies outside the stack.
  • Modular Math Resolution: Refactored the single boundary check to use size-based offsets (new_right_offset + metadata_overhead > capacity) instead of comparing raw pointer addresses. The check relies on the well-defined wrap-around of C unsigned (modular) arithmetic: aligned_ptr may wrap below 0, and the wrap cancels out when the offset from the top of the region is computed, so the offset is correct and the bound is decided by one comparison. Note that this is only guaranteed when the intermediate arithmetic is done on an unsigned integer type such as uintptr_t; overflowing a pointer value itself is undefined behaviour in C and the compiler may assume it never happens. The check remains a single flat comparison with no extra branches.
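
The before and after checks described above, as an added example that is not estack's own code: a small model of a downward-growing stack allocator working on simulated addresses held in uintptr_t (no memory is dereferenced), so a region "mapped" at address 0x20 can be exercised on an ordinary host. The struct, field names, METADATA_OVERHEAD and the function names are assumptions of this model, not identifiers from the project.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a stack allocator that grows downward from the top of
 * a region [base, base + capacity). Addresses are simulated integers, so a
 * region near address 0 can be tested on a host. Names are assumptions. */
typedef struct {
    uintptr_t base;         /* lowest address of the region */
    size_t    capacity;     /* region size; the top is base + capacity */
    size_t    right_offset; /* bytes already consumed from the top */
} sim_stack;

#define METADATA_OVERHEAD 16u   /* assumed per-allocation header size */

/* Round down to a power-of-two alignment. Done on an unsigned integer, where
 * wrap-around is defined; overflowing a pointer value itself is UB in C. */
static uintptr_t align_down(uintptr_t addr, size_t align)
{
    return addr & ~((uintptr_t)align - 1u);
}

/* Before: bounds check by comparing raw addresses. When the region sits near
 * address 0, aligned_ptr - METADATA_OVERHEAD can wrap to a huge value that
 * compares as ">= base", so an out-of-bounds request is accepted.
 * Returns 1 if the request would be accepted. */
int naive_accepts(const sim_stack *s, size_t size, size_t align)
{
    uintptr_t top = s->base + s->capacity - s->right_offset;
    uintptr_t aligned_ptr = align_down(top - size, align);
    uintptr_t start = aligned_ptr - METADATA_OVERHEAD;   /* may underflow */
    return start >= s->base;
}

/* After: the same single check expressed as offsets from the top. aligned_ptr
 * may wrap below 0, but (top - aligned_ptr) is computed modulo 2^N as well and
 * align divides 2^N, so the wrap cancels and new_right_offset is the true
 * distance from the top of the region. One size comparison then decides. */
int offset_accepts(const sim_stack *s, size_t size, size_t align)
{
    uintptr_t top = s->base + s->capacity - s->right_offset;
    uintptr_t aligned_ptr = align_down(top - size, align);
    size_t new_right_offset = (size_t)(top - aligned_ptr) + s->right_offset;
    return !(new_right_offset + METADATA_OVERHEAD > s->capacity);
}

int main(void)
{
    /* Constructed scenario: a 64-byte region whose base is the address 0x20. */
    sim_stack low = { 0x20, 0x40, 0 };
    /* The same region placed at 0x10000, where the subtraction cannot wrap. */
    sim_stack high = { 0x10000, 0x40, 0 };

    printf("48 B @ align 64, base 0x20:    naive=%d offset=%d (must be 0)\n",
           naive_accepts(&low, 0x30, 0x40), offset_accepts(&low, 0x30, 0x40));
    printf("48 B @ align 64, base 0x10000: naive=%d offset=%d\n",
           naive_accepts(&high, 0x30, 0x40), offset_accepts(&high, 0x30, 0x40));
    printf("16 B @ align 16, base 0x20:    naive=%d offset=%d (fits)\n",
           naive_accepts(&low, 0x10, 0x10), offset_accepts(&low, 0x10, 0x10));
    return 0;
}
```

For the 48-byte request at alignment 64 the raw-address check accepts the allocation when the region starts at 0x20 (start wraps to UINTPTR_MAX - 15) and rejects it when the same region starts at 0x10000, which is exactly the low-address dependence described above; the offset-based check rejects it in both placements and still accepts requests that fit. One residual to keep in mind: new_right_offset + METADATA_OVERHEAD is itself an unsigned sum, so a caller-side sanity limit on size (or align) is what keeps it from wrapping when size approaches SIZE_MAX.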

Complex inside. Simple outside.