From 1c5f4f3853a077fd0c362ff341f5c71cfe85c068 Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Sun, 17 May 2026 04:43:55 +0000 Subject: [PATCH] fix: V-004 security vulnerability Automated security fix generated by Orbis Security AI --- hyperdbg/script-eval/code/Functions.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hyperdbg/script-eval/code/Functions.c b/hyperdbg/script-eval/code/Functions.c index 046ab531..50300cc3 100644 --- a/hyperdbg/script-eval/code/Functions.c +++ b/hyperdbg/script-eval/code/Functions.c @@ -325,6 +325,17 @@ ScriptEngineFunctionMemcpy(UINT64 Destination, UINT64 Source, UINT32 Num, BOOL * UINT64 PrevReadLen = 0; BYTE MovingBuffer[DebuggerScriptEngineMemcpyMovingBufferSize] = {0}; + // + // Reject zero-length copies: a Num of 0 would pass address-range + // validation vacuously (checking 0 bytes at any mapped page succeeds), + // which could be abused as a kernel address-mapping oracle. + // + if (Num == 0) + { + *HasError = TRUE; + return; + } + #ifdef SCRIPT_ENGINE_USER_MODE //