@ev1lbl0w Hi! Thanks for taking a look at this and fixing it. This vulnerability was detected by our deep learning based vulnerability detection model. Along with the detection, our model also localizes the vulnerability by producing a version of the function with code that contributed to the vulnerability highlighted. We provide the localization output of the vulnerable function identified in this Issue. The intensity of the highlight corresponds to how important the code snippet was for vulnerability detection in this function.
android_support.cpp
register_types.cpp
As part of our university research project we would like to evaluate the usefulness of the model’s localization outputs. You can help us out by clicking one of the options below:
This vulnerability is a real vulnerability and the localization output is useful. check
This vulnerability is a real vulnerability but the localization output is not useful. check
This vulnerability is not a real vulnerability. check
@vnen Hi! When we reported this vulnerability we did check the security policy listed and emailed the Godot contact email, however we did not receive any response. We waited more than two weeks later to open this issue.
Issue description:
Found two unchecked malloc return NULL vulnerabilities in the Godot repository.
The two vulnerabilities are in these files:
godot/modules/xatlas_unwrap/register_types.cpp
Lines 163 to 175 in b9aa2d0
godot/modules/mono/mono_gd/support/android_support.cpp
Lines 637 to 641 in 5525cd8
Both vulnerabilities can potentially occur when malloc cannot successfully allocate memory; it would instead return a null pointer, which has unexpected behavior when operated on. See this for more detail about this type of vulnerability: https://cwe.mitre.org/data/definitions/690.html
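The CWE-690 pattern described in the issue, shown next to a checked form. This is an added example, not code from the Godot repository or from the reporters; `copy_uvs_unchecked`, `copy_uvs_checked`, `alloc_fn` and `failing_alloc` are hypothetical names, and the allocator hook exists only so the out-of-memory path can be exercised.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook so the failure path can be tested. */
typedef void *(*alloc_fn)(size_t);

/* Constructed allocator that always fails, as malloc does when memory is exhausted. */
void *failing_alloc(size_t n) { (void)n; return NULL; }

/* CWE-690 pattern: the allocation result is written through without a NULL check. */
float *copy_uvs_unchecked(const float *src, size_t count, alloc_fn alloc) {
    float *dst = (float *)alloc(sizeof(float) * count * 2);
    memcpy(dst, src, sizeof(float) * count * 2); /* undefined behaviour if dst == NULL */
    return dst;
}

/* Checked form: rejects size overflow, tests the allocation, reports failure. */
int copy_uvs_checked(const float *src, size_t count, alloc_fn alloc, float **out) {
    *out = NULL;
    if (src == NULL || count == 0) return -1;
    if (count > SIZE_MAX / (2 * sizeof(float))) return -1; /* product would wrap */
    size_t bytes = count * 2 * sizeof(float);
    float *dst = (float *)alloc(bytes);
    if (dst == NULL) return -1; /* caller decides how to recover */
    memcpy(dst, src, bytes);
    *out = dst;
    return 0;
}

/* Returns 1 when the checked copy works with malloc and fails cleanly without memory. */
int demo(void) {
    const float uvs[4] = {0.0f, 0.25f, 0.5f, 1.0f}; /* constructed sample: 2 UV pairs */
    float *copy = NULL;
    int ok = copy_uvs_checked(uvs, 2, malloc, &copy) == 0 && copy != NULL && copy[3] == 1.0f;
    free(copy);
    int failed = copy_uvs_checked(uvs, 2, failing_alloc, &copy) == -1 && copy == NULL;
    return ok && failed;
}

int main(void) { return demo() ? 0 : 1; }
```

The unchecked variant is deliberately never called: with `failing_alloc` it would pass a null destination to `memcpy`.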