pkcs11-helper

util: fix deserialize buffer overflow

Open alonbl opened this issue 1 month ago • 2 comments

Missing check for source file increment.

Reported-by: Aarnav Bos [email protected]

alonbl avatar Nov 06 '25 18:11 alonbl

@selvanair thank you so much for the review. I've modified the implementation to use macros; I hope now all is ok.

alonbl avatar Nov 07 '25 19:11 alonbl

Looks good to me if returning a wrong value of *max is okay in case of error. Let's see whether the fuzzer can still crash it!

selvanair avatar Nov 07 '25 21:11 selvanair

@selvanair @alonbl the fix also looks good from the fuzzing side!

R9295 avatar Nov 10 '25 08:11 R9295

Thank you all!

alonbl avatar Nov 10 '25 14:11 alonbl