Skip to content

fix: at glob/glob in glob.c#186

Merged
rocky merged 1 commit into
Trepan-Debuggers:remake-4-4from
orbisai0security:fix-glob-heap-buffer-overflow-v-001
May 16, 2026
Merged

fix: at glob/glob in glob.c#186
rocky merged 1 commit into
Trepan-Debuggers:remake-4-4from
orbisai0security:fix-glob-heap-buffer-overflow-v-001

Conversation

@orbisai0security
Copy link
Copy Markdown
Contributor

@orbisai0security orbisai0security commented May 16, 2026

Summary

Fix critical severity security issue in glob/glob.c.

Vulnerability

Field Value
ID V-001
Severity CRITICAL
Scanner multi_agent_ai
Rule V-001
File glob/glob.c:401
CWE CWE-120

Description: At glob/glob.c:401, the buffer 'onealt' is allocated as strlen(pattern)-1 bytes. At line 414, memcpy copies 'begin - pattern' bytes from 'pattern' into 'onealt' without verifying that the copy length fits within the allocated buffer. A crafted alternation pattern where the prefix before the opening brace is longer than strlen(pattern)-1 causes a heap buffer overflow. Lines 472-473 compound this by copying additional data (next-p bytes plus rest_len bytes) into alt_start derived from onealt without any bounds validation, potentially overflowing the same buffer a second time.

Changes

  • glob/glob.c

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

Automated security fix by OrbisAI Security

@orbisai0security
fix: V-001 security vulnerability
8ccf5a1 
Automated security fix generated by Orbis Security AI
@rocky rocky merged commit f5627a5 into Trepan-Debuggers:remake-4-4 May 16, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@orbisai0security @rocky