From 2aee64459dbb56eef29ad2466d59339bd7c20050 Mon Sep 17 00:00:00 2001
From: orbisai0security <mediratta01.pally@gmail.com>
Date: Sat, 16 May 2026 05:11:00 +0000
Subject: [PATCH 1/2] fix: V-001 security vulnerability

Automated security fix generated by Orbis Security AI
---
 src/ctest.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ctest.c b/src/ctest.c
index 01ada2c..a1265f9 100644
--- a/src/ctest.c
+++ b/src/ctest.c
@@ -620,7 +620,7 @@ static char* ctest_vsprintf_char(const char* format, va_list va)
     }
     else
     {
-        result = malloc(neededSize + 1);
+        result = malloc((size_t)neededSize + 1);
         if (result == NULL)
         {
             LogError("failure in malloc");
@@ -628,7 +628,7 @@ static char* ctest_vsprintf_char(const char* format, va_list va)
         }
         else
         {
-            if (vsnprintf(result, neededSize + 1, format, va) != neededSize)
+            if (vsnprintf(result, (size_t)neededSize + 1, format, va) != neededSize)
             {
                 LogError("inconsistent vsnprintf behavior format, neededSize=%d + 1, format=%s, va=%p", neededSize, format, (void*)&va);
                 free(result);

From 8169a79ffad04133b30d066d056dfcef5865dea3 Mon Sep 17 00:00:00 2001
From: OrbisAI Security <mediratta01.pally@gmail.com>
Date: Sat, 6 Jun 2026 06:54:57 +0530
Subject: [PATCH 2/2] fix: guard allocation-size calculation against signed int
 overflow in ctest_vsprintf_char

neededSize + 1 is evaluated as signed int arithmetic before promotion to size_t.
Add explicit INT_MAX guard (CWE-190) and move limits.h unconditional so INT_MAX
is available on all platforms.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 src/ctest.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/ctest.c b/src/ctest.c
index a1265f9..3ab771a 100644
--- a/src/ctest.c
+++ b/src/ctest.c
@@ -14,8 +14,9 @@
 #include "ctest.h"
 #include "c_logging/logger.h"
 
+#include <limits.h> // for INT_MAX, SIZE_MAX
+
 #if defined _MSC_VER && !defined(WINCE)
-#include <limits.h> // for SIZE_MAX
 #include "windows.h"
 #endif
 
@@ -618,6 +619,11 @@ static char* ctest_vsprintf_char(const char* format, va_list va)
         LogError("failure in vsnprintf, format=%s, va_clone=%p);", format, (void*)&va_clone);
         result = NULL;
     }
+    else if (neededSize == INT_MAX)
+    {
+        LogError("overflow in allocation size calculation, neededSize=INT_MAX");
+        result = NULL;
+    }
     else
     {
         result = malloc((size_t)neededSize + 1);