Report

A WARC/metadata helper built a temporary .cdx filename from opt.warc_filename using alloca(strlen(base)+4+1) and memcpy. Because the base filename is user-controlled configuration input, a very long value can drive unbounded stack growth during WARC/CDX initialization.
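The allocation pattern described above, next to a bounded heap-based alternative. This is an added example, not the project's own code or its actual fix; `make_cdx_name` and the `CDX_NAME_MAX` limit are hypothetical names and values chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound for a usable filename, including the NUL terminator. */
#define CDX_NAME_MAX 4096

/* Pattern from the report, shown for contrast only (not compiled):
 *
 *   char *tmp = alloca(strlen(base) + 4 + 1);
 *   memcpy(tmp, base, strlen(base));
 *   memcpy(tmp + strlen(base), ".cdx", 5);
 *
 * The stack frame grows with whatever length the configuration supplies,
 * and alloca() has no way to report failure.
 */

/* Hypothetical replacement: reject over-long names before allocating and
 * build the result on the heap, where failure is detectable.
 * Returns a malloc'd "<base>.cdx" string (caller frees) or NULL. */
char *make_cdx_name(const char *base)
{
    static const char suffix[] = ".cdx";      /* sizeof includes the NUL */
    size_t base_len;
    char *out;

    if (base == NULL)
        return NULL;
    base_len = strlen(base);
    if (base_len == 0 || base_len > CDX_NAME_MAX - sizeof suffix)
        return NULL;                          /* refuse instead of growing */

    out = malloc(base_len + sizeof suffix);
    if (out == NULL)
        return NULL;
    memcpy(out, base, base_len);
    memcpy(out + base_len, suffix, sizeof suffix);
    return out;
}

int main(void)
{
    char *name = make_cdx_name("crawl");      /* constructed sample input */
    printf("%s\n", name ? name : "(rejected)");
    free(name);
    return 0;
}
```

Rejecting the value at option-parsing time, before any WARC/CDX initialization runs, gives the user a clear configuration error rather than a crash.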

4481cc98-04f7-4f9e-9af3-0203ebe2c589

inErrata Knowledge Graph | Inerrata