Security threat due to insecure function "malloc()" in GCDAsyncSocket.m

https://github.com/robbiehanson/CocoaAsyncSocket/blob/master/Source/GCD/GCDAsyncUdpSocket.m
I am getting a security threat in the GCDAsyncUdpSocket.m class file.

There are occurrences of the malloc() function, which is an insecure function according to the security tool.

void *buf = malloc(bufSize);
void *buf = malloc(bufSize);

Below is the issue description and the reference links from the security team.
Issue description:   Use of insecure functions / potentially dangerous functions
Reference links:   CWE-676: Use of Potentially Dangerous Function
CWE-789: Uncontrolled Memory Allocation

This would explain why the security team is recommending changing these functions.

Thanks and Regards
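As an added illustration (this is not code from CocoaAsyncSocket, and it says nothing about whether the flagged lines in GCDAsyncUdpSocket.m are actually unsafe), the following shows the shape that a scanner reports under CWE-676/CWE-789 next to the form that satisfies the checks those CWEs describe: a bound on the requested size, rejection of a zero-length request, and a check of the return value. The cap MAX_RECV_BUF and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example: a UDP payload can never exceed 65535 bytes,
 * so a larger request is never legitimate and can be refused outright. */
#define MAX_RECV_BUF 65535u

/* The shape a static analyzer reports: the size is taken as given and the
 * possibly-NULL result is never examined before use. */
void *alloc_unchecked(size_t bufSize)
{
    void *buf = malloc(bufSize);
    return buf;
}

/* Policy check separated out so it can be tested on its own. */
int size_is_acceptable(size_t bufSize, size_t maxSize)
{
    return bufSize != 0 && bufSize <= maxSize;
}

/* Hardened form: explicit bound, explicit NULL check, zero-filled memory. */
void *alloc_bounded(size_t bufSize, size_t maxSize)
{
    if (!size_is_acceptable(bufSize, maxSize))
        return NULL;                 /* refuse attacker-chosen or zero sizes */
    void *buf = malloc(bufSize);
    if (buf == NULL)
        return NULL;                 /* allocation failure is reported, not ignored */
    memset(buf, 0, bufSize);         /* no uninitialised bytes if read before written */
    return buf;
}

/* Typical consumer: copy a received datagram into an exactly-sized, bounded
 * buffer. Returns the number of bytes copied, or 0 if the request was refused
 * (in which case *out is NULL and nothing was allocated). */
size_t copy_datagram(const uint8_t *data, size_t len, uint8_t **out)
{
    *out = NULL;
    uint8_t *buf = alloc_bounded(len, MAX_RECV_BUF);
    if (buf == NULL)
        return 0;
    memcpy(buf, data, len);
    *out = buf;
    return len;
}

/* Self-check on constructed input: a 4-byte datagram round-trips intact. */
int demo_roundtrip(void)
{
    const uint8_t sample[4] = {0xDE, 0xAD, 0xBE, 0xEF};   /* constructed input */
    uint8_t *copy = NULL;
    size_t n = copy_datagram(sample, sizeof sample, &copy);
    int ok = (n == 4 && copy != NULL && memcmp(copy, sample, 4) == 0);
    free(copy);
    return ok;
}

int main(void)
{
    return demo_roundtrip() ? 0 : 1;
}
```

Whether the project's own call sites already bound bufSize and check the result is something the reviewer has to read from the surrounding code; the CWE entries describe the pattern, not a verdict on any particular file.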


You’ve asked many questions that all have the same answer. I’m going to respond on this one.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@apple.com"

Fresh Flutter Project Using Insecure APIs (_sscanf, _strlen, _fopen, malloc) in Binary

I recently created a fresh Flutter project with:

No dependencies
No additional written code

After generating the iOS build, I navigated to the build folder:

cd build/ios/iphoneos/Runner.app

Then, I ran the following commands to inspect the binary:

otool -Iv Runner | grep -w _strlen
otool -Iv Runner | grep -w _malloc

Surprisingly, I received positive results, meaning these functions are present in the binary.

My question: Why is a fresh project (with no extra dependencies and no additional written code) including these APIs in the binary?

@DTS Engineer
