Security vulnerabilities and automated fixes for resource parsing issues
A critical heap buffer overflow was discovered in `engine/src/yep.c` at line 448, where `sprintf()` copied an attacker-controlled file path into a fixed 64-byte `node->name` buffer with zero bounds checking. By crafting a malicious resource package file containing an oversized path, an attacker could corrupt adjacent heap memory — potentially enabling arbitrary code execution. The fix replaces the unbounded `sprintf()` call with `snprintf()`, enforcing the 64-byte limit at the call site.
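The bounded copy described above, as an added example (not the project's code) that also checks `snprintf()`'s return value so an oversized path is rejected instead of silently truncated. The `struct node` layout, the `"%s"` format, and the names `node_set_name` and `make_path` are assumptions; only the 64-byte `name` buffer comes from the post.

```c
#include <stdio.h>
#include <string.h>

#define NODE_NAME_LEN 64  /* buffer size stated in the post */

/* Hypothetical stand-in for the engine's node type; only `name` is from the post. */
struct node {
    char name[NODE_NAME_LEN];
    int  next_field;      /* adjacent member, to show it stays intact */
};

/* Bounded copy. Returns 0 on success, -1 if the path did not fit.
 * snprintf() returns the length it would have written without the limit,
 * so a result >= sizeof(name) means the stored name was truncated. */
int node_set_name(struct node *n, const char *path)
{
    int need = snprintf(n->name, sizeof n->name, "%s", path);
    if (need < 0 || (size_t)need >= sizeof n->name) {
        n->name[0] = '\0';   /* reject rather than keep a truncated name */
        return -1;
    }
    return 0;
}

/* Constructed sample input: fills `out` with `len` 'A' characters. */
static void make_path(char *out, size_t len)
{
    memset(out, 'A', len);
    out[len] = '\0';
}

int main(void)
{
    struct node n = { .next_field = 0x1234 };
    char path[256];

    make_path(path, 63);    /* longest path that fits with its terminator */
    printf("63 bytes  -> %d\n", node_set_name(&n, path));

    make_path(path, 200);   /* oversized path, as in a crafted package */
    printf("200 bytes -> %d, name=\"%s\", next_field=%#x\n",
           node_set_name(&n, path), n.name, n.next_field);
    return 0;
}
```

Truncation matters here because two distinct long paths that share their first 63 bytes would otherwise be stored under the same node name.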