mirror of
https://github.com/wavetermdev/waveterm.git
synced 2024-12-21 16:38:23 +01:00
1fc6dd7c1a
Fixes [https://github.com/wavetermdev/waveterm/security/code-scanning/50](https://github.com/wavetermdev/waveterm/security/code-scanning/50) To fix the problem, we need to ensure that the size computation for the allocation does not overflow. This can be achieved by validating the length of `barr` before performing the arithmetic operation. We will set a maximum allowable size for `barr` to ensure that the sum of `oscPrefixLen(oscNum)` and `len(barr)` does not exceed the maximum value for an `int`. 1. Define a maximum allowable size for `barr` (e.g., 64 MB). 2. Check the length of `barr` against this maximum size before performing the allocation. 3. If `barr` exceeds the maximum size, return an error. _Suggested fixes powered by Copilot Autofix. Review carefully before merging._ --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> |
||
---|---|---|
.. | ||
authkey | ||
blockcontroller | ||
docsite | ||
eventbus | ||
filestore | ||
gogen | ||
ijson | ||
remote | ||
service | ||
shellexec | ||
telemetry | ||
trimquotes | ||
tsgen | ||
userinput | ||
util | ||
vdom | ||
waveai | ||
wavebase | ||
waveobj | ||
wcloud | ||
wconfig | ||
wcore | ||
web | ||
wlayout | ||
wps | ||
wshrpc | ||
wshutil | ||
wstore |