nostrdb: Fix heap buffer overflow

The Address Sanitizer detected a heap buffer overflow during a memcpy operation
in nostrdb.c associated with note parsing.

It was found that not enough memory was being allocated to the buffer to
support all the content parsing.

Allocation size was increased to support the memory needed for the
parsing operations. However, the new number was not carefully calculated
as we will not run into this code path once we switch to the local relay
model.

Changelog-Fixed: Fixed memory error in nostrdb
Signed-off-by: Daniel D’Aquino <daniel@daquino.me>
Daniel D’Aquino
2025-06-04 20:47:57 -07:00
parent d8e7b4707e
commit 969a2b656e

@@ -7089,7 +7089,7 @@ static struct ndb_blocks *ndb_note_to_blocks(struct ndb_note *note)
if (content_len >= INT32_MAX)
return NULL;
unsigned char *buffer = malloc(content_len);
unsigned char *buffer = malloc(2<<18); // Not carefully calculated, but ok because we will not need this once we switch to the local relay model
if (!buffer)
return NULL;
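
Review bot: the new `malloc(2<<18)` is a fixed 524288-byte allocation that no longer depends on `content_len`, while the guard above it still only rejects `content_len >= INT32_MAX`. For any note whose content is longer than 512 KiB the buffer is now smaller than it was before this change, so the overflow can still be reached with large enough input. Either reject content above a limit tied to the buffer size in the same check, or size the buffer from `content_len` with a fixed minimum added for the parser's overhead. The rest of the function is not visible in this hunk, so also confirm that any length handed to the parser alongside `buffer` matches the new allocation. As a style point, `2<<18` is easy to misread as 256 KiB; a named constant such as `512 * 1024` would state the size directly.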