Highlights
Buffer Overflow: 7 prior fixes. Scrutinize any change in this area.
src/modbus.c: most-fixed (10 issues). Treat as high-risk during review.
9 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Buffer Overflow: Remote attackers can cause buffer overflows by sending Modbus requests with mismatched or excessive register/bit counts that bypass boundary checks on mapping objects. This pattern is highly recurring.
Memory Corruption: Failing to check if an active socket file descriptor is smaller than FD_SETSIZE before passing it to FD_SET leads to stack-based memory corruption when handling many concurrent connections.
Buffer Overflow: Raw requests and write operations relying on unsafe memcpy or offset increments can overrun stack buffers when incoming payload sizes exceed maximum limits.