Memcpy Vulnerable Function

We recently ran a security scan with a third-party provider. It shows that memcpy is used within the AlamofireObjectMapper 6.2.0 dependency.

I ran a search within the codebase on GitHub and did not find any uses. Are there any known uses of this within Alamofire and its dependencies? Are there plans to remediate this in order to avoid buffer overflows? (Avoiding Buffer Overflows and Underflows)

As you've seen, Alamofire doesn't use memcpy, so your scan is likely picking something else up. In the future, please report any potential security issues to security@alamofire.org with full details.

memcpy is not an inherently unsafe API. The compiler even automatically calls memcpy for certain things, which is likely what you’re detecting if you’re doing a binary analysis.

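The two points made in the replies above, as an added C example that is not part of the thread or of Alamofire's code: a struct assignment with no memcpy in the source, which a compiler may lower to a memcpy call in the binary, and an explicit memcpy that is safe because its length is checked against the destination size. The struct and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed type, large enough that a compiler will often copy it by
   calling memcpy instead of emitting inline moves. */
struct packet { uint32_t id; uint8_t payload[256]; };

/* The source has no memcpy here. The struct assignment is the kind of
   code a compiler may lower to a memcpy call in the binary. */
void clone_packet(struct packet *dst, const struct packet *src) { *dst = *src; }

/* Explicit memcpy whose length is checked against the destination
   capacity first. Returns 0 on success, -1 when the copy is refused. */
int bounded_copy(void *dst, size_t dst_cap, const void *src, size_t n)
{
    if (dst == NULL || src == NULL || n > dst_cap)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Returns 1 when the clone carries the same id and payload bytes. */
int clone_matches(void)
{
    struct packet a, b;
    memset(&a, 0xAB, sizeof a);   /* constructed sample contents */
    a.id = 7;
    clone_packet(&b, &a);
    return b.id == 7 && memcmp(b.payload, a.payload, sizeof a.payload) == 0;
}

/* Tries to copy n bytes of constructed input into an 8-byte buffer. */
int copy_into_small(size_t n)
{
    uint8_t small[8];
    uint8_t input[16];
    memset(input, 0x41, sizeof input);
    return bounded_copy(small, sizeof small, input, n);
}

int main(void)
{
    printf("clone matches: %d\n", clone_matches());
    printf("copy 8 -> %d, copy 9 -> %d\n", copy_into_small(8), copy_into_small(9));
    return 0;
}
```

Whether the assignment in `clone_packet` becomes a memcpy import depends on the compiler, target and optimization level; listing the object file's undefined symbols (for example with `nm -u`) shows what a binary scanner would see.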