waveterm/pkg
Evan Simkowitz 1fc6dd7c1a
Fix code scanning alert no. 50: Size computation for allocation may overflow (#1088)
Fixes
[https://github.com/wavetermdev/waveterm/security/code-scanning/50](https://github.com/wavetermdev/waveterm/security/code-scanning/50)

To fix the problem, we need to ensure that the size computation for the
allocation does not overflow. This can be achieved by validating the
length of `barr` before performing the arithmetic operation. We will set
a maximum allowable size for `barr` to ensure that the sum of
`oscPrefixLen(oscNum)` and `len(barr)` does not exceed the maximum value
for an `int`.

1. Define a maximum allowable size for `barr` (e.g., 64 MB).
2. Check the length of `barr` against this maximum size before
performing the allocation.
3. If `barr` exceeds the maximum size, return an error.


_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2024-10-21 14:05:52 -07:00
| Name | Last commit | Date |
| --- | --- | --- |
| authkey | make auth key header a constant | 2024-08-26 13:55:47 -07:00 |
| blockcontroller | Fix code scanning alert no. 50: Size computation for allocation may overflow (#1088) | 2024-10-21 14:05:52 -07:00 |
| docsite | Fix 404 for docsite subpages when hard reloading app (#995) | 2024-10-09 12:42:33 -07:00 |
| eventbus | Migrate websocket eventbus messages to wps (#367) | 2024-09-11 18:03:55 -07:00 |
| filestore | update all gopkg imports (#330) | 2024-09-05 14:25:45 -07:00 |
| gogen | update all gopkg imports (#330) | 2024-09-05 14:25:45 -07:00 |
| ijson | metadata updates (frontend typing) (#174) | 2024-07-30 12:33:28 -07:00 |
| remote | fix: add conn prefix to askbeforewshinstall flag (#1013) | 2024-10-10 17:23:27 -07:00 |
| service | fix initial size of windows (#1011) | 2024-10-10 16:12:56 -07:00 |
| shellexec | add term:localshellopts (#914) | 2024-09-30 21:19:07 -07:00 |
| telemetry | send autoupdate enabled/channel w/ telemetry | 2024-09-19 11:58:01 -07:00 |
| trimquotes | SSH Agent Integration (#334) | 2024-09-06 13:19:38 -07:00 |
| tsgen | Revert "better conditional taskfile running" (#872) | 2024-09-26 14:36:47 -07:00 |
| userinput | Migrate websocket eventbus messages to wps (#367) | 2024-09-11 18:03:55 -07:00 |
| util | implement a config error button + message modal that shows the errors (#1030) | 2024-10-14 14:57:12 -07:00 |
| vdom | working on vdom implementation, other fixes (#136) | 2024-07-23 13:16:53 -07:00 |
| waveai | Move AI model configs to presets and add a dropdown to swap between configs (#1024) | 2024-10-12 18:40:14 -04:00 |
| wavebase | only use filemutex for windows (#960) | 2024-10-04 12:20:52 -07:00 |
| waveobj | Plot Sysinfo (#1054) | 2024-10-17 15:19:13 -07:00 |
| wcloud | send autoupdate enabled/channel w/ telemetry | 2024-09-19 11:58:01 -07:00 |
| wconfig | Fix edge case with Wave Proxy AI preset (#1073) | 2024-10-18 14:27:48 -07:00 |
| wcore | fix initial size of windows (#1011) | 2024-10-10 16:12:56 -07:00 |
| web | fix websocket reconnect error (#1064) | 2024-10-18 12:05:20 -07:00 |
| wlayout | Plot Sysinfo (#1054) | 2024-10-17 15:19:13 -07:00 |
| wps | Migrate websocket eventbus messages to wps (#367) | 2024-09-11 18:03:55 -07:00 |
| wshrpc | ws reconnection bug + clean up logging (#1058) | 2024-10-17 23:42:55 -07:00 |
| wshutil | Fix code scanning alert no. 50: Size computation for allocation may overflow (#1088) | 2024-10-21 14:05:52 -07:00 |
| wstore | legacy message for v7 upgrades (#858) | 2024-09-25 15:52:12 -07:00 |