[Bug 37129] New: Clang Static Analyzer: Buffer overflow
wine-bugs at winehq.org
Sat Aug 16 13:37:19 CDT 2014
https://bugs.winehq.org/show_bug.cgi?id=37129
Bug ID: 37129
Summary: Clang Static Analyzer: Buffer overflow
Product: Wine
Version: 1.7.22
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs at winehq.org
Reporter: lukebenes at hotmail.com
Clang Static Analyzer identifies a possible buffer overflow
File: tools/widl/typegen.c
Location: line 1158, column 28
Description: String copy function overflows destination buffer
static unsigned int write_new_procformatstring_type(...)
{
    char buffer[64];
    ...
    strcpy( buffer, "/* flags:" );
    if (flags & MustSize) strcat( buffer, " must size," );
    if (flags & MustFree) strcat( buffer, " must free," );
    if (flags & IsPipe) strcat( buffer, " pipe," );
    if (flags & IsIn) strcat( buffer, " in," );
    if (flags & IsOut) strcat( buffer, " out," );
    if (flags & IsReturn) strcat( buffer, " return," );
    if (flags & IsBasetype) strcat( buffer, " base type," );
    if (flags & IsByValue) strcat( buffer, " by value," );
    if (flags & IsSimpleRef) strcat( buffer, " simple ref," );
    ...
}
Even if not all the conditions are true, you still risk a string too long
to fit in the buffer.
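As an added illustration (not part of the report or of widl's own code), the C program below works out how long the strcat chain above can get and shows a bounded replacement. The flag names are the ones quoted in the report; their bit values are constructed for this example, since widl's real definitions are not shown here. Summing the fragments gives a 9-character prefix plus 78 characters of flag text, so the worst case is 87 characters plus the terminating NUL, well past the 64-byte buffer; the check in the test also shows that five flags set together already need 65 bytes, which is the point the reporter makes about partial flag sets. The bounded formatter follows the snprintf convention of returning the length the complete string would have had, so a caller can detect truncation by comparing that value against the buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Flag bits: the names come from the report, the bit values are
 * constructed for this example (widl's real definitions are not shown). */
enum {
    MustSize    = 1 << 0,
    MustFree    = 1 << 1,
    IsPipe      = 1 << 2,
    IsIn        = 1 << 3,
    IsOut       = 1 << 4,
    IsReturn    = 1 << 5,
    IsBasetype  = 1 << 6,
    IsByValue   = 1 << 7,
    IsSimpleRef = 1 << 8
};

/* The fragments the strcat chain appends, in the same order. */
static const struct { unsigned bit; const char *text; } flag_text[] = {
    { MustSize,    " must size,"  },
    { MustFree,    " must free,"  },
    { IsPipe,      " pipe,"       },
    { IsIn,        " in,"         },
    { IsOut,       " out,"        },
    { IsReturn,    " return,"     },
    { IsBasetype,  " base type,"  },
    { IsByValue,   " by value,"   },
    { IsSimpleRef, " simple ref," }
};
#define NFLAGS (sizeof(flag_text) / sizeof(flag_text[0]))

static const char prefix[] = "/* flags:";

/* Characters (excluding the NUL) the strcat chain produces for `flags`;
 * the destination must hold this value + 1 bytes. */
size_t flags_text_length(unsigned flags)
{
    size_t len = sizeof(prefix) - 1;
    size_t i;
    for (i = 0; i < NFLAGS; i++)
        if (flags & flag_text[i].bit) len += strlen(flag_text[i].text);
    return len;
}

/* Worst case: every flag set at once. */
size_t worst_case_length(void)
{
    unsigned all = 0;
    size_t i;
    for (i = 0; i < NFLAGS; i++) all |= flag_text[i].bit;
    return flags_text_length(all);
}

/* 1 if the text for `flags` (plus its NUL) does not fit in `cap` bytes. */
int overflows(size_t cap, unsigned flags)
{
    return flags_text_length(flags) + 1 > cap;
}

/* Bounded replacement for the strcat chain: never writes past `cap`
 * bytes, always NUL-terminates when cap > 0, and returns the length the
 * complete string would have had (snprintf convention), so a result
 * >= cap means the output was truncated. */
size_t format_flags(char *buf, size_t cap, unsigned flags)
{
    size_t used, off, i;
    if (cap == 0) return flags_text_length(flags);
    used = (size_t)snprintf(buf, cap, "%s", prefix);
    for (i = 0; i < NFLAGS; i++) {
        if (!(flags & flag_text[i].bit)) continue;
        /* Once the buffer is full, keep writing only the NUL at the end
         * while still accounting for the characters that did not fit. */
        off = used < cap ? used : cap - 1;
        used += (size_t)snprintf(buf + off, cap - off, "%s", flag_text[i].text);
    }
    return used;
}

int main(void)
{
    char buf[64];
    size_t need = format_flags(buf, sizeof buf, ~0u);
    printf("worst case needs %zu bytes, buffer has %zu\n",
           worst_case_length() + 1, sizeof buf);
    printf("bounded result: \"%s\" (%s)\n", buf,
           need >= sizeof buf ? "truncated" : "complete");
    return 0;
}
```

The length arithmetic is the check a reviewer would run before accepting a fixed-size buffer: with every flag set the required size is 88 bytes, and a 64-byte buffer is exceeded by any five of the longer fragments. The bounded version stays inside the buffer and leaves the caller a way to notice that the comment text was cut short.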