Skip to content

fix: multiple memcpy calls in image processing funct... in bmms.c#17

Open
orbisai0security wants to merge 1 commit into
mnhrdt:masterfrom
orbisai0security:fix-integer-overflow-malloc-bmms
Open

fix: multiple memcpy calls in image processing funct... in bmms.c#17
orbisai0security wants to merge 1 commit into
mnhrdt:masterfrom
orbisai0security:fix-integer-overflow-malloc-bmms

Conversation

@orbisai0security
Copy link
Copy Markdown

@orbisai0security orbisai0security commented May 12, 2026

Summary

Fix critical severity security issue in src/bmms.c.

Vulnerability

Field Value
ID V-001
Severity CRITICAL
Scanner multi_agent_ai
Rule V-001
File src/bmms.c:163
CWE CWE-120

Description: Multiple memcpy calls in image processing functions do not validate that the source data fits within the destination allocation. In src/bmms.c:163, the expression w * h * pd * sizeof*tmp can overflow if attacker-controlled image dimensions are large, resulting in an undersized allocation followed by a heap buffer overflow. In src/imprintf.c:562-564, exactly 0x100 bytes are copied from bufopt into a 0x100-byte allocation without verifying bufopt is null-terminated or bounded within 0x100 bytes. In src/ransac.c:106-108, the size s used in memcpy is not validated against the actual allocation sizes of the target buffers.

Changes

  • src/bmms.c

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

Automated security fix by OrbisAI Security

@orbisai0security
fix: V-001 security vulnerability
d20ec50 
Automated security fix generated by Orbis Security AI
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@orbisai0security