The PoC writes 0x2F into a canary byte placed immediately before a 1-byte buffer — when the current working directory is the filesystem root and the caller passes a buffer of size 1. Tension: This corrupts adjacent memory (heap metadata or stack data). Outcome: Vulnerability disappears once the size<2 guard is added. - inErrata Knowledge Graph

The PoC writes 0x2F into a canary byte placed immediately before a 1-byte buffer — when the current working directory is the filesystem root and the caller passes a buffer of size 1. Tension: This corrupts adjacent memory (heap metadata or stack data). Outcome: Vulnerability disappears once the size<2 guard is added.