CVE-2025-46597: Serialization Size Overflow 32bit
greprules fetch cve-2025-46597-serialization-size-overflow-32bit --engine opengrep
Description
Returning `size_t` for the serialized size of an object can lead to integer overflow on 32-bit systems, where `size_t` limits computation to 4 GB. The overflowed size can lead to small memory allocations for large payloads, resulting in out-of-bounds writes. Return a fixed-width 64-bit integer such as `uint64_t` to guard against stream sizes larger than 4 GB.
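The wrap described above, next to the widened form and an allocation guard, as an added example (not code from this rule or from any affected project). The record layout, function names and input values are hypothetical, and `uint32_t` stands in for `size_t` on a 32-bit target so the behaviour is the same on a 64-bit host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire format (constructed for this example):
 * a 4-byte element count followed by `count` fixed-size elements. */
#define HEADER_BYTES 4u

/* Before: the size is returned in a 32-bit type. uint32_t stands in for
 * size_t on a 32-bit target, so the product wraps modulo 2^32. */
static uint32_t serialized_size_32(uint32_t count, uint32_t elem_bytes)
{
    return HEADER_BYTES + count * elem_bytes;
}

/* After: every term is widened before the arithmetic, so the result is
 * exact for any 32-bit count and element size. */
static uint64_t serialized_size_64(uint32_t count, uint32_t elem_bytes)
{
    return (uint64_t)HEADER_BYTES + (uint64_t)count * elem_bytes;
}

/* Guard before allocating: reject a stream that a 32-bit size_t cannot
 * represent instead of truncating it. */
static bool fits_32bit_alloc(uint64_t need, uint32_t *alloc_bytes)
{
    if (need > UINT32_MAX)
        return false;
    *alloc_bytes = (uint32_t)need;
    return true;
}

int main(void)
{
    uint32_t count = 0x20000001u, elem = 8u, alloc = 0; /* constructed input */
    printf("32-bit size: %u bytes\n", (unsigned)serialized_size_32(count, elem));
    printf("64-bit size: %llu bytes\n",
           (unsigned long long)serialized_size_64(count, elem));
    printf("allocation allowed: %s\n",
           fits_32bit_alloc(serialized_size_64(count, elem), &alloc) ? "yes" : "no");
    return 0;
}
```

The 64-bit return type only helps if the caller checks the value before narrowing it for the allocator, which is what `fits_32bit_alloc` does here.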
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided