Skip to content

Avoid out-of-bounds access on global data#14363

Merged
OhadMeir merged 1 commit into
realsenseai:developmentfrom
torstenbaer:14356_global_buffer_overflow
Oct 21, 2025
Merged

Avoid out-of-bounds access on global data#14363
OhadMeir merged 1 commit into
realsenseai:developmentfrom
torstenbaer:14356_global_buffer_overflow

Conversation

@torstenbaer

Copy link
Copy Markdown
Contributor

The issue can be easily seen with the address sanitizer. 'realsense_udev_rules' is a generated char[] that is not NUL-terminated. Assigning to a std::string involves a strlen() call. Obviously, that call cannot find the NUL in the char array and thus accesses at least one byte outside of that buffer.

We could alternatively ensure that the generated buffer is NUL-terminated (not sure, whether there are other such generated char arrays), or we could provide the actual length to the constructor.

I have chosen the latter one here, because it avoids the strlen() call (roughly 10KB to scan).

This fixes the issue 14356.

@sysrsbuild

Copy link
Copy Markdown
Contributor

Can one of the admins verify this patch?

@torstenbaer torstenbaer changed the title Provide the exact array length to avoid the strlen() call Avoid out-of-bounds access on global data Oct 19, 2025
@Nir-Az Nir-Az requested a review from Copilot October 20, 2025 12:41

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR ensures construction of a std::string from a non-NUL-terminated generated char array without invoking strlen, preventing out-of-bounds reads and eliminating an unnecessary 10KB scan.

  • Replace implicit C-string constructor (which called strlen) with length-aware constructor using sizeof.
  • Add an explanatory comment about lack of NUL termination.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Comment thread common/viewer.cpp
Comment thread common/viewer.cpp
@Nir-Az Nir-Az requested a review from OhadMeir October 20, 2025 13:37
@OhadMeir

Copy link
Copy Markdown
Contributor

@torstenbaer thank you for the contribution.

An internal ticket have been created to add automatic address sanitizer checks for viewer code, currently only SDK is checked.

@OhadMeir OhadMeir merged commit a389ca2 into realsenseai:development Oct 21, 2025
25 checks passed
@torstenbaer torstenbaer deleted the 14356_global_buffer_overflow branch October 21, 2025 08:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants