Security vulnerabilities and automated fixes for null pointer dereference issues
4 posts found
A critical NULL pointer dereference vulnerability was discovered in `src/gotcha_utils.c` at line 84, where the `add_library()` function called `gotcha_malloc()` without checking whether the allocation succeeded before dereferencing the returned pointer. Because `gotcha_malloc` uses `mmap` internally, it can return `NULL` or `MAP_FAILED` under memory pressure, causing a segmentation fault that crashes the host application. The fix adds a single, targeted null check that returns early if allocatio
A critical vulnerability in `email/receive.cpp` allowed attackers to trigger a buffer overflow by sending crafted emails with large payloads. The `writefunc()` callback failed to validate that `realloc()` succeeded before writing to the reallocated pointer, risking NULL pointer dereference and potential code execution. The fix adds a simple bounds check that validates the realloc result before use.
A critical NULL pointer dereference vulnerability in the ESP8266 firmware's `user_interface.c` allowed attackers to crash devices by exhausting the limited 80KB heap memory. The `wifi_station_set_default_hostname()` function's `os_malloc` call lacked a proper NULL guard, causing `ets_sprintf` to write to address 0 when allocation failed. The fix corrected a logic inversion in the NULL check condition.
A high-severity NULL pointer dereference vulnerability was discovered and fixed in embedded eMMC storage handling code, where unchecked `malloc` and `calloc` return values could allow an attacker with a crafted eMMC image to crash the host process. The fix adds proper NULL checks after every memory allocation, preventing exploitation through maliciously oversized partition size fields. This type of vulnerability is surprisingly common in systems-level C code and serves as a reminder that defensi