From fc38c27769bb73e6b65c01a71d62d3c1381e3cfa Mon Sep 17 00:00:00 2001
From: WerWolv
Date: Sat, 24 Jan 2026 22:59:30 +0100
Subject: [PATCH] fix: Heap buffer read overflow when inserting bytes
---
 lib/libimhex/source/providers/provider.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/libimhex/source/providers/provider.cpp b/lib/libimhex/source/providers/provider.cpp
index b9764e663..4cd87c430 100644
--- a/lib/libimhex/source/providers/provider.cpp
+++ b/lib/libimhex/source/providers/provider.cpp
@@ -133,7 +133,6 @@ namespace hex::prv {
 this->resizeRaw(newSize);
 std::vector buffer(0x1000, 0x00);
- const std::vector zeroBuffer(0x1000, 0x00);
 auto position = oldSize;
 while (position > offset) {
@@ -142,9 +141,18 @@ namespace hex::prv {
 position -= readSize;
 this->readRaw(position, buffer.data(), readSize);
- this->writeRaw(position, zeroBuffer.data(), newSize - oldSize);
 this->writeRaw(position + size, buffer.data(), readSize);
 }
+
+ constexpr static std::array ZeroBuffer = {};
+ auto zeroPosition = offset;
+ auto remainingZeros = size;
+ while (remainingZeros > 0) {
+ const auto writeSize = std::min(remainingZeros, ZeroBuffer.size());
+ this->writeRaw(zeroPosition, ZeroBuffer.data(), writeSize);
+ zeroPosition += writeSize;
+ remainingZeros -= writeSize;
+ }
 }
 void Provider::removeRaw(u64 offset, u64 size) {
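Review bot: The new zero-fill loop in the second hunk writes `size` bytes starting at `offset` without checking that range against the resized length. If a caller passes `offset > oldSize`, the shifting loop above is skipped and `writeRaw` is then asked to write beyond `newSize`. The code before this commit wrote nothing in that case, so this is a new path, although the hunk does not show whether callers already guarantee `offset <= oldSize`. I would bound the fill with `auto remainingZeros = offset <= oldSize ? size : 0;`, or reject the call before `resizeRaw` runs. The function begins above the hunk, so the `oldSize + size` computation should also be checked there for wraparound.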