[HAL/ARM] Bound early debug print formatting #9017
I love how it completely hallucinated the exec() part
This change replaces an unbounded vsprintf() with a fixed 1024-byte stack buffer in DbgPrintEarly() with bounded formatting. I agree this should not be described as an exec() issue or as a demonstrated critical vulnerability. I do not currently have a reproducer showing attacker-controlled input reaching this path. The intent is defensive hardening: avoid accidental stack corruption if an early debug message expands beyond the local buffer. I can also update the patch to explicitly preserve null termination after vsnprintf() if preferred.
binarymaster left a comment
Hello,
Thanks for your interest in ReactOS!
We ask our contributors to use their full name when committing.
Please amend your commit with your full name, and update this PR.
To change this for future PRs, you can update it globally (for the system):
git config --global user.name "Your Name"
git config --global user.email you@example.com
Or just for the current repository:
git config user.name "Your Name"
git config user.email you@example.com
Also please set up your GitHub account accordingly, so maintainers can use the Squash & Merge button without getting the author field modified back to nickname by GitHub:
- Set your full name in GitHub profile settings (it should match your user.name setting)
Regards,
0b27aa6 to c8ec537
I've made these changes. Let me know if something is still off.
It must be a legal name of a person responsible for the change, not the organization. https://github.com/reactos/reactos/blob/master/CONTRIBUTING.md#rules-and-recommendations Using the organization name keeps the author anonymous, which is not allowed.
This is an AI scanner with a human in the loop. So the name is what is used at all places for the AI scanner.
Using the organization or AI agent name keeps the responsible person behind it anonymous, which is not allowed.
From what I know, the maintainer of this "AI scanner" is @anupamme
Yes, that is correct. If it is a mandatory requirement - I can change it to my account.
Then please set your name for it, you can keep existing email.
Replace unbounded vsprintf() call in DbgPrintEarly() with vsnprintf() when formatting into a fixed-size 1024-byte stack buffer in ARM HAL.
Automated security fix generated by Orbis Security AI.
CORE-17604
Co-authored-by: OrbisAI Security <mediratta01.pally@gmail.com>
c8ec537 to ecfa625
Is this okay now?
ecfa625 to 85a3149
Summary
This PR replaces an unbounded vsprintf() call in DbgPrintEarly() with vsnprintf() when formatting into a fixed-size 1024-byte stack buffer.
Rationale
DbgPrintEarly() currently formats debug output into a local buffer:
Changes
hal/halarm/generic/halinit.c
Verification
Automated security fix by OrbisAI Security
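The bounded-formatting pattern discussed in this PR, as an added example (not the ReactOS source and not the submitted patch): it formats into a 1024-byte stack buffer with vsnprintf(), writes the terminator explicitly, and reports truncation. The names bounded_vformat and demo_early_print are hypothetical, and the code assumes a hosted C library rather than the HAL's runtime.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define EARLY_BUF_SIZE 1024 /* stack buffer size stated in the PR */

/* Hypothetical helper: format into buf[size], always NUL-terminated.
 * Returns the number of characters stored; *truncated is set to 1 when
 * the formatted message did not fit (or formatting failed). */
static size_t bounded_vformat(char *buf, size_t size, int *truncated,
                              const char *fmt, va_list args)
{
    int n;
    *truncated = 0;
    if (size == 0)
        return 0;
    memset(buf, 0, size);  /* defined contents even if formatting fails */
    n = vsnprintf(buf, size, fmt, args);
    buf[size - 1] = '\0';  /* _vsnprintf-style variants omit this on truncation */
    if (n < 0 || (size_t)n >= size) {
        *truncated = 1;
        return strlen(buf);
    }
    return (size_t)n;
}

/* Hypothetical stand-in for an early debug print routine. Instead of
 * writing to a debug port it copies the result to out for inspection. */
size_t demo_early_print(char *out, size_t out_size, int *truncated,
                        const char *fmt, ...)
{
    char buffer[EARLY_BUF_SIZE];
    va_list args;
    size_t len;

    va_start(args, fmt);
    len = bounded_vformat(buffer, sizeof(buffer), truncated, fmt, args);
    va_end(args);
    if (out_size > 0)
        snprintf(out, out_size, "%s", buffer);
    return len;
}

int main(void)
{
    char out[EARLY_BUF_SIZE];
    int cut;
    /* Constructed oversize message: 2000 characters into a 1024-byte buffer. */
    size_t len = demo_early_print(out, sizeof(out), &cut, "%2000d", 1);
    printf("stored=%zu truncated=%d\n", len, cut);
    return 0;
}
```

With the same call written as vsprintf(buffer, fmt, args), the 2000-character message would write past the end of buffer; here it is cut to 1023 characters plus the terminator.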