Description
Passing an unrecognised or short-form project name to any MCP tool that
accepts a project parameter causes the binary to crash with a buffer
overflow. The process exits uncleanly with no useful error message returned
to the MCP client.
Environment
- codebase-memory-mcp: v0.6.0
- OS: Ubuntu Linux 22.04 x86_64
Steps to reproduce
- Index a repository — it will be registered under a path-derived name
(e.g. home-ubuntu-dev-myproject for a repo at /home/ubuntu/dev/myproject)
- Call any MCP tool with a short/unrecognised project name:
search_graph(project="myproject", ...)
Expected behaviour
A clean error response indicating the project name was not found, with a
hint to use list_projects to find the correct name.
Actual behaviour
The binary crashes with a buffer overflow. The MCP server process exits and
must be restarted.
Workaround
Always use the full path-derived project name returned by list_projects
(e.g. home-ubuntu-dev-myproject). Never pass short names.
Notes
PR #206 addresses some buffer overflow crashes — it may be worth checking
whether project name validation is in scope for that fix.
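
The expected behaviour described above, sketched as an added example (not code from the project or from PR #206): a lookup that bounds-checks the supplied name before any copy and returns an error pointing at list_projects. C is assumed as the implementation language; `resolve_project`, `PROJECT_NAME_MAX`, the status codes and the registry contents are hypothetical, and the page does not state where the actual overflow occurs.

```c
#include <stdio.h>
#include <string.h>

#define PROJECT_NAME_MAX 128  /* assumed cap on a registered project name */

/* Constructed registry standing in for the names list_projects returns. */
static const char *const registry[] = {
    "home-ubuntu-dev-myproject",
    "home-ubuntu-dev-other",
};

enum { RESOLVE_OK = 0, RESOLVE_INVALID = -1, RESOLVE_NOT_FOUND = -2 };

/* Hypothetical helper: copies the name into out only after it has matched a
 * registered project; on failure, err holds a message for the MCP client. */
int resolve_project(const char *name, char *out, size_t out_len,
                    char *err, size_t err_len)
{
    if (out_len) out[0] = '\0';
    if (err_len) err[0] = '\0';
    if (name == NULL || name[0] == '\0') {
        snprintf(err, err_len, "project name is required; use list_projects");
        return RESOLVE_INVALID;
    }
    /* Bounded length check before any copy: reject, never truncate. */
    const char *end = memchr(name, '\0', PROJECT_NAME_MAX + 1);
    if (end == NULL || (size_t)(end - name) >= out_len) {
        snprintf(err, err_len, "project name too long; use list_projects");
        return RESOLVE_INVALID;
    }
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++) {
        if (strcmp(name, registry[i]) == 0) {
            memcpy(out, name, (size_t)(end - name) + 1);
            return RESOLVE_OK;
        }
    }
    /* %.64s caps how much untrusted input is echoed into the error. */
    snprintf(err, err_len, "project '%.64s' not found; use list_projects "
             "to find the correct name", name);
    return RESOLVE_NOT_FOUND;
}

int main(void)
{
    char out[PROJECT_NAME_MAX + 1], err[160];
    int rc = resolve_project("myproject", out, sizeof out, err, sizeof err);
    printf("rc=%d err=%s\n", rc, err);
    return 0;
}
```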