Fix integer overflow vulnerabilities across multiple components #8823

Draft
directionless wants to merge 1 commit into osquery:master from directionless:claude/fix-integer-overflow
@directionless
Member

This commit addresses several integer overflow and underflow security issues:

  1. osquery/tables/system/darwin/smc_keys.cpp:

    • Added overflow checks in strtoul() to prevent shift overflow when size > 4
    • Added overflow checks in strtoull() to prevent shift overflow when size > 8
    • Changed shift operation from '1 << fractionalBits' to '1U << fractionalBits' to use unsigned arithmetic and prevent undefined behavior
  2. osquery/utils/conversions/windows/strings.cpp:

    • Added overflow checks before 'str.length() * 2' and 'str.length() * 4' multiplications to prevent integer overflow during string conversion
  3. osquery/filesystem/linux/mem.cpp:

    • Added overflow check for 'offset + length' calculation before mmap() to prevent integer overflow in memory mapping operations
  4. osquery/tables/system/posix/smbios_utils.cpp:

    • Changed offset parameter type from uint8_t to size_t in dmiToWord(), dmiToDWord(), dmiToQWord(), and dmiWordToHexStr() functions to prevent uint8_t wraparound when adding offset values (1, 3, 7)
  5. osquery/tables/system/windows/prefetch.cpp:

    • Added underflow checks before 'size - total_length' and 'volume_size - dir_offset' subtractions
    • Added overflow checks before '(length + 1) * sizeof(WCHAR)' multiplications to prevent integer overflow in prefetch parsing

These fixes prevent potential security vulnerabilities related to integer arithmetic that could lead to buffer overflows, incorrect memory access, or other undefined behavior.

🤖 Generated with Claude Code

To submit a PR please make sure to follow the next steps:

  • Read the CONTRIBUTING.md guide at the root of the repo.
  • Ensure the code is formatted building the format_check target.
    If it is not, then move the committed files to the git staging area,
    build the format target to format them, and then re-commit.
    More information is available on the wiki.
  • Ensure your PR contains a single logical change.
  • Ensure your PR contains tests for the changes you're submitting.
  • Describe your changes with as much detail as you can.
  • Link any issues this PR is related to.
  • Remove the text above.
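
An added example, not code from this pull request or from osquery: the three check patterns the description lists (overflow before addition and multiplication, underflow before subtraction), combined into one bounds test and set beside an unchecked version. The function names and the 2-byte `kWideChar` are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <limits>

// Hypothetical helpers for illustration; none of these names exist in osquery.
static const std::size_t kMax = std::numeric_limits<std::size_t>::max();
static const std::size_t kWideChar = 2; // assumed sizeof(WCHAR) on Windows

// *out = a + b, or false if the sum would wrap (the 'offset + length' case).
bool checkedAdd(std::size_t a, std::size_t b, std::size_t* out) {
  if (b > kMax - a) return false;
  *out = a + b;
  return true;
}

// *out = a - b, or false on underflow (the 'size - total_length' case).
bool checkedSub(std::size_t a, std::size_t b, std::size_t* out) {
  if (b > a) return false;
  *out = a - b;
  return true;
}

// *out = a * b, or false on wrap (the '(length + 1) * sizeof(WCHAR)' case).
bool checkedMul(std::size_t a, std::size_t b, std::size_t* out) {
  if (a != 0 && b > kMax / a) return false;
  *out = a * b;
  return true;
}

// Unchecked bounds test: each step silently wraps modulo 2^N, so a huge
// attacker-controlled length can make the total look small.
bool naiveWideFits(std::size_t size, std::size_t offset, std::size_t length) {
  return offset + (length + 1) * kWideChar <= size;
}

// Checked bounds test: does a wide string of 'length' units plus terminator,
// starting at 'offset', fit inside a buffer of 'size' bytes?
bool checkedWideFits(std::size_t size, std::size_t offset, std::size_t length) {
  std::size_t units = 0, bytes = 0, remaining = 0;
  return checkedAdd(length, 1, &units) &&
         checkedMul(units, kWideChar, &bytes) &&
         checkedSub(size, offset, &remaining) &&
         bytes <= remaining;
}
```

With `length` set to `kMax / 2`, the unchecked test accepts the string because the multiplication wraps to zero, while the checked test rejects it.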

@linux-foundation-easycla

linux-foundation-easycla Bot commented Apr 11, 2026

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: directionless / name: seph (4bea624)

@directionless force-pushed the claude/fix-integer-overflow branch from 115bc64 to 17f21b7 on April 11, 2026 15:16
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>