Skip to content

libexpr: Do not overflow heap buffer when there are too many formal a… #14439

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 1, 2025
Merged

libexpr: Do not overflow heap buffer when there are too many formal a… #14439

merged 1 commit into from
Nov 1, 2025

Conversation

@xokdvium
Copy link
Contributor

@xokdvium xokdvium commented Nov 1, 2025

…rguments

Motivation

3a3c062 introduced a buffer overflow for the case when there are more than 65535 formal arguments. It is a perfectly reasonable limitation, but we must not crash, corrupt memory or otherwise crash the process.

Add a test for the graceful behavior and switch to using an explicit uninitialized_copy_n to further guard against buffer overflows.

Context

Add 👍 to pull requests you find important.

The Nix maintainer team uses a GitHub project board to schedule and track reviews.

@xokdvium
libexpr: Do not overflow heap buffer when there are too many formal a…
134613e 
…rguments

3a3c062 introduced a buffer overflow for the
case when there are more than 65535 formal arguments. It is a perfectly reasonable
limitation, but we *must* not crash, corrupt memory or otherwise crash the process.

Add a test for the graceful behavior and switch to using an explicit uninitialized_copy_n
to further guard against buffer overflows.
@xokdvium xokdvium requested a review from edolstra as a code owner November 1, 2025 09:59
@Ericson2314
Copy link
Member

Ericson2314 commented Nov 1, 2025

Good catch, sorry I missed this.

@Ericson2314 Ericson2314 added this pull request to the merge queue Nov 1, 2025
Merged via the queue into master with commit 6fa7510 Nov 1, 2025
21 checks passed
@Ericson2314 Ericson2314 deleted the no-buffer-overflows branch November 1, 2025 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ericson2314 Ericson2314 Ericson2314 approved these changes

@Radvendii Radvendii Awaiting requested review from Radvendii

@edolstra edolstra Awaiting requested review from edolstra edolstra is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xokdvium @Ericson2314