From 43e9a0631abd67aac63734e66a14a89e3813c868 Mon Sep 17 00:00:00 2001
From: Richard Giliam
Date: Thu, 6 Nov 2025 12:15:54 -0800
Subject: [PATCH 1/2] Address identified issues with debug allocator, and utf-8 escape sequences
---
 ionc/ion_allocation.c | 11 ++++++++++-
 ionc/ion_writer_text.c | 8 ++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/ionc/ion_allocation.c b/ionc/ion_allocation.c
index 477261a..80536f9 100644
--- a/ionc/ion_allocation.c
+++ b/ionc/ion_allocation.c
@@ -228,10 +228,19 @@ SIZE debug_pattern_size = sizeof(debug_pattern);
 void *debug_malloc(SIZE size, const char *file, int line) {
 BYTE *ptr, *psize, *head, *user, *tail;
- SIZE adjusted_size = size + 2*debug_pattern_size * 2 + sizeof(SIZE);
+ SIZE overhead = 2 * debug_pattern_size * 2 + sizeof(SIZE);
+ SIZE adjusted_size = 0;
 assert( debug_pattern_size == 8 ); // just to make sure we're getting the right value and know what's actually happening
+ // Check for integer overflow in the adjusted_size calculation
+ // SIZE is int32_t, so we need to ensure size + overhead doesn't exceed INT32_MAX
+ if (size < 0 || size > (MAX_SIZE - overhead)) {
+ return NULL; // Allocation request too large or invalid
+ }
+
+ adjusted_size = size + overhead;
+
 ptr = (BYTE *)malloc(adjusted_size);
 malloc_block++;
diff --git a/ionc/ion_writer_text.c b/ionc/ion_writer_text.c
index aed37f3..c8b9b24 100644
--- a/ionc/ion_writer_text.c
+++ b/ionc/ion_writer_text.c
@@ -1275,6 +1275,10 @@ iERR _ion_writer_text_append_escape_sequence_string(ION_STREAM *poutput, BOOL do
 else {
 len = (SIZE)(limit - cp);
 if (len > 4) len = 4;
+
+ // Initialize the entire buffer to prevent memory disclosure
+ memset(unicode_buffer, 0, sizeof(unicode_buffer));
+
 for (ii=0; ii 4) len = 4;
+
+ // Initialize the entire buffer to prevent memory disclosure
+ memset(temp_buffer, 0, sizeof(temp_buffer));
+
 strncpy(temp_buffer, cp, len);
 IONCHECK(_ion_writer_text_read_unicode_scalar(temp_buffer, &ilen, &unicode_scalar));
 len = ilen;
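Review bot: In debug_malloc (ionc/ion_allocation.c), the `malloc(adjusted_size)` result at the end of the hunk is followed directly by `malloc_block++` with no NULL check in view, so the new size guard covers the overflow case but not allocation failure. If the rest of the function (outside this hunk) writes the guard patterns through `ptr` without checking it, add `if (ptr == NULL) return NULL;` before the counter is bumped. The guard's comment also says INT32_MAX while the code compares against `MAX_SIZE`; naming `MAX_SIZE` in the comment keeps it true if SIZE is ever widened. Callers now see NULL for negative or oversized requests, which is worth stating in a header comment on debug_malloc.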
From 8ad8e88b6055a736ac81936be7611b6d13c887b2 Mon Sep 17 00:00:00 2001
From: Richard Giliam
Date: Thu, 6 Nov 2025 22:54:25 -0800
Subject: [PATCH 2/2] Install libasan and libubsan for amazon linux
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b701b26..1996a9f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -40,7 +40,7 @@ jobs:
 # Amazon Linux needs a newer version of git installed for actions/checkout
 - name: Install Dependencies
 run: |
- yum install which git make cmake3 -y
+ yum install which git make cmake3 libasan libubsan -y
 if [ ! -e '/usr/bin/cmake' ]; then ln -s "$(which cmake3)" /usr/bin/cmake; fi
 - name: Install ${{ matrix.compiler.cc }}
 run: yum install ${{ matrix.compiler.packages }} -y