[BUG] Buffer overflow in median_search.cpp due to missing input validation in search/median_search.cpp #2939

Open
18781875724 opened this issue Apr 29, 2025 · 3 comments
@18781875724
Description

A buffer overflow vulnerability exists in median_search.cpp when handling empty or invalid input arrays. The error occurs at:

median_search.cpp:79:11: error: buffer overflow, pointer '&m' accesses 0 bytes at offset 0 bytes of local variable 'm' of size 0 bytes
pivot = m[(sz- 1) / 2

The code fails to validate input size n in main(), allowing zero/negative values.
When empty arrays are processed, the median vector m becomes empty.
Attempting to access m[0] when m.size() == 0 causes buffer overflow.

Expected behavior

Input Validation
The program should validate all user inputs (array size n and elements) and:
Reject non-positive array sizes (n ≤ 0) with a clear error message.
Handle empty arrays gracefully (e.g., throw an exception or return an error code).
Graceful Error Handling
For invalid inputs (e.g., n = 0 or negative sizes):
Display a user-friendly error (e.g., "Error: Array size must be a positive integer").

Actual behavior

Crash on Invalid Input

When entering n ≤ 0 (e.g., 0 or -5), the program crashes with a buffer overflow

Steps to reproduce

No response

Context

Blocked Proper Testing
While implementing unit tests for edge cases, the crashes on empty/negative inputs prevented me from completing test coverage. The code "works" for normal inputs but fails catastrophically for invalid ones.

Additional information

No response
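To make the defect and the requested fix concrete, here is an added example (my own code, not the repository's median_search.cpp): a median-of-medians pivot selector built on the pattern the report describes, shown first with the unchecked `m[(sz - 1) / 2]` access and then with the input validation the report asks for. The function names and the groups-of-five layout are assumptions for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <stdexcept>
#include <vector>

// Added example (not the repository's median_search.cpp): a median-of-medians
// pivot selector built on the pattern the issue describes, where the input is
// split into groups of five, each group's median is collected into 'm', and the
// middle element of 'm' becomes the pivot.
static std::vector<int> group_medians(const std::vector<int>& v) {
    std::vector<int> m;
    for (std::size_t i = 0; i < v.size(); i += 5) {
        std::vector<int> group(v.begin() + i,
                               v.begin() + std::min(i + 5, v.size()));
        std::sort(group.begin(), group.end());
        m.push_back(group[(group.size() - 1) / 2]);
    }
    return m;
}

// Shape of the reported bug: for an empty input 'm' is empty, sz - 1 wraps
// around as size_t, and m[...] reads outside the vector. Kept only to show the
// defect; never call it with an empty vector.
int pivot_unchecked(const std::vector<int>& v) {
    std::vector<int> m = group_medians(v);
    std::size_t sz = m.size();
    return m[(sz - 1) / 2];
}

// Hardened form: validate before indexing, and use at() so any remaining
// logic error throws instead of silently reading out of bounds.
int pivot_checked(const std::vector<int>& v) {
    if (v.empty()) {
        throw std::invalid_argument("Error: Array size must be a positive integer");
    }
    std::vector<int> m = group_medians(v);
    return m.at((m.size() - 1) / 2);
}

// Guard for the size read in main(): reading n as a signed value lets "-5" be
// rejected here instead of wrapping into a huge unsigned element count.
bool valid_size(long long n) { return n > 0; }

// Helper: true when the hardened pivot rejects an empty input.
bool rejects_empty() {
    try { pivot_checked({}); } catch (const std::invalid_argument&) { return true; }
    return false;
}
```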

@avibega23
Can you please assign it to me? I can fix it.

avibega23 added a commit to avibega23/C-Plus-Plus that referenced this issue Apr 29, 2025
@abhi-bhavsar
Is it resolved or can I work on it?

@avibega23
Is it resolved or can I work on it?

I have solved it and opened a pull request, but it is not approved yet.
