RootCause (unvalidated)

After calling the Linux kernel getcwd syscall, __getcwd checks `if (retval > 0 && path[0] == '/')` but NEVER verifies `(size_t) retval <= alloc_size` — sysdeps/unix/sysv/linux/getcwd.c, line 82. Tension: the kernel can return retval > alloc_size, meaning it wrote more bytes than the allocated buffer. Outcome: heap overflow.
