orbisai0security commented on PR #18881: URL: https://github.com/apache/nuttx/pull/18881#issuecomment-4457064763
Thanks for reviewing. I agree that the original description overstated the security impact. The concrete issue here is narrower: both realloc calls assign directly back to the stored pointer. If realloc fails, the previous allocation is lost, and the plugin state becomes inconsistent before returning `-ENOMEM`. The patch switches to the standard temporary-pointer pattern so the old allocation is preserved on allocation failure.

I also want to correct my wording: the `regsaddr` realloc return value was not discarded; it was assigned directly, so the concern is the same realloc-failure/leak/state-consistency issue as `pidhash`, not a demonstrated UAF.

I'm happy to reopen/resubmit this as a small tooling robustness fix rather than a critical security vulnerability, with a title such as: `tools/jlink: preserve old buffers on realloc failure` and remove the scanner severity language from the description.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
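The realloc failure mode the comment describes, shown as an added example that is not from the NuttX PR itself: a hypothetical `struct state` with a `pidhash` buffer is grown once with the direct-assignment pattern and once with the temporary-pointer pattern, using a constructed `maybe_realloc` hook so the allocation failure can be triggered deterministically.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical plugin state, modelled on the pidhash/regsaddr buffers the
 * comment mentions (constructed for this example, not NuttX tools/jlink code). */
struct state {
    int *pidhash;
    size_t count;
};

/* Test hook: when nonzero, the next growth attempt simulates a realloc failure. */
static int g_fail_next_realloc = 0;

static void *maybe_realloc(void *ptr, size_t size)
{
    if (g_fail_next_realloc) {
        g_fail_next_realloc = 0;
        return NULL;            /* realloc leaves the original block untouched */
    }
    return realloc(ptr, size);
}

/* Unsafe pattern: the result is assigned straight back to the stored pointer,
 * so a NULL return overwrites the only reference to the old block (a leak)
 * and leaves count describing a buffer that is no longer reachable. */
static int grow_unsafe(struct state *s, size_t newcount)
{
    s->pidhash = maybe_realloc(s->pidhash, newcount * sizeof(int));
    if (s->pidhash == NULL)
        return -ENOMEM;         /* old buffer already lost at this point */
    s->count = newcount;
    return 0;
}

/* Fixed pattern: realloc into a temporary; on failure the old buffer and
 * count stay intact, so the caller can keep using or free() the state. */
static int grow_safe(struct state *s, size_t newcount)
{
    int *tmp = maybe_realloc(s->pidhash, newcount * sizeof(int));
    if (tmp == NULL)
        return -ENOMEM;         /* s->pidhash and s->count are unchanged */
    s->pidhash = tmp;
    s->count = newcount;
    return 0;
}
```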
