Category

Static Analysis

Security vulnerabilities and automated fixes for static analysis issues

22 posts found

high8 min

How buffer overflow from unsafe string copy functions happens in C network interface code and how to fix it

A high-severity buffer overflow vulnerability was discovered in `generic/eth-impl.c`, where unsafe `strncpy()` and `sprintf()` calls could write beyond buffer boundaries when handling network interface names and device filenames. The fix replaced these dangerous functions with bounded `snprintf()` calls that guarantee null-termination and prevent memory corruption.

#buffer-overflow#c-security#memory-safety+4 more
O
orbisai0security
Jul 12, 2026
critical7 min

How buffer overflow in locale name processing happens in C and how to fix it

A critical buffer overflow vulnerability was discovered in `intl/localename.c` where the `gl_locale_name_canonicalize()` function used unsafe `strcpy()` operations to copy locale names into fixed-size buffers without bounds checking. An attacker controlling locale environment variables could overflow the destination buffer, leading to memory corruption and potential code execution. The fix replaced `strcpy()` with bounded `strncpy()` calls to prevent buffer overruns.

#buffer-overflow#c-security#strcpy+4 more
O
orbisai0security
Jul 11, 2026
critical7 min

How buffer overflow happens in C strcpy() and how to fix it

A critical buffer overflow vulnerability was discovered in `sbin/restore/tape.c` where the `setinput()` function used unsafe `strcpy()` to copy user-controlled input into a fixed-size buffer without bounds checking. The fix replaces `strcpy()` with `strlcpy()`, which enforces a maximum copy length and prevents the overflow. This vulnerability could have allowed attackers to corrupt memory and potentially execute arbitrary code through long command-line arguments.

#buffer-overflow#c-security#strcpy+4 more
O
orbisai0security
Jul 11, 2026
high8 min

How insecure string copy functions happen in C calculations.c and how to fix it

A high-severity buffer overflow vulnerability was discovered in `src/calculations.c` at line 37, where a two-step `strncpy` + manual null-termination pattern left the door open for subtle memory safety bugs when copying string data into the `entry->type` field. The fix replaces both lines with a single `snprintf` call that handles bounds and null-termination atomically, eliminating the risk entirely. This is a common C pitfall that affects production CLI tools and can be exploited when attacker-

#buffer-overflow#c-security#strncpy+4 more
O
orbisai0security
Jul 11, 2026
high5 min

How buffer overflow via sprintf() happens in C networking code and how to fix it

A high-severity buffer overflow vulnerability was discovered in `profile.c` where `sprintf()` was used to format server addresses without any bounds checking. An attacker who could influence the `SERVER_BASE_PORT` value or trigger integer overflow in the port calculation could write beyond the `server_address` buffer. The fix replaces `sprintf()` with `snprintf()` using explicit buffer size limits at both call sites (lines 99 and 220).

#security#buffer-overflow#c+4 more
O
orbisai0security
Jul 9, 2026
high8 min

How insecure string copy functions happen in C apputils.c and how to fix it

A high-severity buffer overflow vulnerability was discovered in `src/apps/common/apputils.c`, where `strncpy()` was used without guaranteed null-termination across four call sites — including the `sock_bind_to_device()` and `getdomainname()` functions. The fix replaces all unsafe `strncpy()` calls with `snprintf()`, which enforces both length bounds and automatic null-termination. Left unpatched, these flaws could allow an attacker to corrupt memory, crash the process, or potentially execute arb

#buffer-overflow#c-security#strncpy+4 more
O
orbisai0security
Jul 7, 2026
critical5 min

How buffer overflow via strcpy() happens in C zlib and how to fix it

A critical buffer overflow vulnerability was discovered in `general/libzlib/gzlib.c` where multiple `strcpy()` and `strcat()` calls operated without bounds checking. An attacker controlling file paths or error messages could overflow destination buffers, potentially achieving arbitrary code execution. The fix replaces these unsafe string operations with bounded `memcpy()` calls that respect pre-calculated buffer lengths.

#security#buffer-overflow#c+4 more
O
orbisai0security
Jul 6, 2026
critical8 min

How buffer overflow in stb_image.h memcpy happens in C image parsing and how to fix it

A critical buffer overflow vulnerability was discovered in stb_image.h at line 4823, where a memcpy operation copied image data without validating buffer bounds. The multiplication of width (x) and channel count (img_n) could overflow or exceed allocated memory, allowing attackers to corrupt memory through malicious PNG files. The fix adds an explicit size_t cast to prevent integer overflow during the buffer size calculation.

#buffer-overflow#c-security#image-parsing+4 more
O
orbisai0security
Jul 6, 2026
high6 min

How buffer overflow happens in C sprintf() and how to fix it

A high-severity buffer overflow vulnerability was discovered in `src/GL/arbgenerator.c` where `sprintf()` was used without size bounds checking on an 11-byte buffer. The fix replaces unsafe `sprintf()` calls with `snprintf()`, enforcing strict buffer boundaries and preventing potential heap corruption or code execution attacks.

#buffer-overflow#c-security#sprintf+4 more
O
orbisai0security
Jul 6, 2026
critical7 min

How buffer overflow in strcpy() happens in C configuration parsing and how to fix it

A critical buffer overflow vulnerability in `src/rpconfig.h` allowed attackers to corrupt memory by providing configuration values exceeding buffer size limits. The `rpcSetText()` function used `strcpy()` to copy user-controlled data into a fixed 256-byte buffer without bounds checking, enabling stack corruption and potential code execution. Replacing `strcpy()` with `strncpy()` and enforcing a 255-byte limit eliminated the overflow risk.

#buffer-overflow#c-security#strcpy+4 more
O
orbisai0security
Jul 4, 2026
critical7 min

How buffer overflow happens in C gdb-server and how to fix it

A critical buffer overflow vulnerability was discovered in `src/st-util/gdb-server.c` where unbounded `memcpy()` and `strcpy()` calls could write beyond allocated buffer boundaries when processing user-supplied command-line arguments. The fix replaces all unsafe string operations with bounds-checked alternatives like `snprintf()` and `memcpy()` with explicit length validation.

#buffer-overflow#c-security#memory-safety+4 more
O
orbisai0security
Jul 3, 2026
critical8 min

How integer overflow in buffer size calculations happens in C and how to fix it

A critical integer overflow vulnerability was discovered in `src/api.c`'s `find_config_path()` function, where string lengths were added together without overflow checks before allocating a buffer. An attacker controlling environment variables like `APPDATA`, `HOME`, or `XDG_DATA_HOME` could supply extremely long values to trigger an integer overflow, resulting in an undersized buffer allocation and a subsequent heap buffer overflow. The fix adds explicit overflow guards using `SIZE_MAX` compari

#c#integer-overflow#buffer-overflow+4 more
O
orbisai0security
Jun 30, 2026