Security vulnerabilities and automated fixes for memory management issues
2 posts found
A critical use-after-free vulnerability was discovered and patched in `zmap.h`, where freed memory pointers were not reset to a safe state after deallocation in the `map` destructor and move-assignment operator. This oversight allowed subsequent code paths — including destructors, iterators, and concurrent threads — to access memory that had already been returned to the allocator, creating a condition exploitable for arbitrary code execution. The fix, a two-line change adding `inner = {};` after
A critical memory safety vulnerability was discovered and fixed in the Linux kernel's SSDFS filesystem driver, where directly assigning the return value of krealloc() to the original pointer could cause use-after-free conditions or NULL pointer dereferences when memory allocation fails. This well-known dangerous pattern, explicitly warned against in Linux kernel coding guidelines, could allow attackers to trigger memory corruption under low-memory conditions. The fix implements the safe temporar