> On 10 Jun 2025, at 14:59, David Geier <[email protected]> wrote:
>
> Hi hackers!
>
> SerializeLibraryState() writes 1 byte too much into the buffer pointed to by
> start_address. This is the very last '\0' it writes after the loop. Attached
> is a patch that fixes the problem by accounting for that extra byte in
> EstimateLibraryStateSpace().
The last '\0' written isn't performed in relation to the size, but at a fixed
index in the buffer:
    ...
    }
    start_address[0] = '\0';
How would that cause a buffer overflow?
--
Daniel Gustafsson
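An added C sketch of the estimate/serialize pair the thread is about (not PostgreSQL's code; the function names, the fixed-size stand-in list and the two library paths are constructed), with a self-check that the serializer writes exactly the estimated byte count, trailing '\0' included, and refuses a buffer that is one byte short:

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the list of loaded library file names. */
static const char *const libs[] = { "$libdir/plpgsql", "$libdir/pg_stat_statements" };
#define NLIBS (sizeof(libs) / sizeof(libs[0]))

/* Estimate: each name plus its NUL, plus one byte for the final '\0' terminator. */
size_t estimate_library_state_space(void)
{
    size_t size = 1;                 /* the '\0' written after the loop */
    for (size_t i = 0; i < NLIBS; i++)
        size += strlen(libs[i]) + 1;
    return size;
}

/* Serialize: returns bytes written, or 0 if the buffer would be overrun. */
size_t serialize_library_state(size_t maxsize, char *start_address)
{
    char *p = start_address;
    char *end = start_address + maxsize;
    for (size_t i = 0; i < NLIBS; i++) {
        size_t len = strlen(libs[i]) + 1;   /* name and its NUL */
        if ((size_t)(end - p) < len + 1)    /* keep room for the final '\0' */
            return 0;
        memcpy(p, libs[i], len);
        p += len;
    }
    if (p >= end)
        return 0;
    *p++ = '\0';                            /* empty string marks end of list */
    return (size_t)(p - start_address);
}

/* Reader side: the empty string is the sentinel, so count names until it. */
size_t count_serialized_libraries(const char *buf)
{
    size_t n = 0;
    for (; *buf != '\0'; buf += strlen(buf) + 1)
        n++;
    return n;
}

/* 1 if the serializer writes exactly the estimated size, else 0. */
int estimate_matches_serialized(void)
{
    char buf[256];
    size_t est = estimate_library_state_space();
    return serialize_library_state(est, buf) == est;
}

/* 1 if a buffer one byte smaller than the estimate is rejected, else 0. */
int undersized_buffer_is_rejected(void)
{
    char buf[256];
    return serialize_library_state(estimate_library_state_space() - 1, buf) == 0;
}
```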