Skip to content

fix: in py/objboundmeth in objboundmeth.c#19226

Closed
orbisai0security wants to merge 1 commit into
micropython:masterfrom
orbisai0security:fix-objboundmeth-integer-overflow-v-001
Closed

fix: in py/objboundmeth in objboundmeth.c#19226
orbisai0security wants to merge 1 commit into
micropython:masterfrom
orbisai0security:fix-objboundmeth-integer-overflow-v-001

Conversation

@orbisai0security
Copy link
Copy Markdown

@orbisai0security orbisai0security commented May 15, 2026

Summary

Fix critical severity security issue in py/objboundmeth.c.

Vulnerability

Field Value
ID V-001
Severity CRITICAL
Scanner multi_agent_ai
Rule V-001
File py/objboundmeth.c:69
CWE CWE-190

Description: In py/objboundmeth.c:69, memcpy copies n_total arguments into the destination buffer args2 without verifying that args2 is large enough to hold all arguments. If n_total is manipulated (e.g., via integer overflow in the size calculation or by passing more arguments than expected), the memcpy writes beyond the allocated buffer boundary, corrupting adjacent heap memory. The same pattern exists in py/objfun.c:446 (n_def_args not validated against o->extra_args allocation size) and py/objnamedtuple.c:117 (n_args not validated against tuple item count).

Changes

  • py/objboundmeth.c

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

Automated security fix by OrbisAI Security

@orbisai0security
fix: V-001 security vulnerability
8b4d2dd 
Automated security fix generated by Orbis Security AI
@codecov
Copy link
Copy Markdown

codecov Bot commented May 15, 2026

Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 98.47%. Comparing base (b9d709c) to head (8b4d2dd).

Files with missing lines Patch % Lines
py/objboundmeth.c 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #19226      +/-   ##
==========================================
- Coverage   98.47%   98.47%   -0.01%     
==========================================
  Files         176      176              
  Lines       22845    22847       +2     
==========================================
+ Hits        22497    22498       +1     
- Misses        348      349       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 15, 2026

Code size report:

Reference:  rp2/clocks_extra: Set VREG like the SDK does: needed for 200 MHz. [b9d709c]
Comparison: fix: V-001 security vulnerability [merge of 8b4d2dd]
  mpy-cross:   +16 +0.004% 
   bare-arm:   +12 +0.021% 
minimal x86:   +16 +0.009% 
   unix x64:   +16 +0.002% standard
      stm32:   +16 +0.004% PYBV10
      esp32:   +12 +0.001% ESP32_GENERIC
     mimxrt:   +16 +0.004% TEENSY40
        rp2:   +24 +0.003% RPI_PICO_W
       samd:   +16 +0.006% ADAFRUIT_ITSYBITSY_M4_EXPRESS
  qemu rv32:   +16 +0.003% VIRT_RV32

@dpgeorge dpgeorge closed this May 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@orbisai0security @dpgeorge