[asterisk-bugs] [JIRA] (ASTERISK-26195) static analysis: Out of bound array access
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Wed Jul 13 19:57:56 CDT 2016
Matt Jordan created ASTERISK-26195:
--------------------------------------
Summary: static analysis: Out of bound array access
Key: ASTERISK-26195
URL: https://issues.asterisk.org/jira/browse/ASTERISK-26195
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Applications/app_voicemail, Core/Channels, Core/ManagerInterface
Reporter: Matt Jordan
Clang's static analysis tool identified three potential out-of-bound array access violations:
# {{apps/app_voicemail.c}}:
{code}
13141 if (!ast_strlen_zero(p->context)) {
5
←
Taking true branch
→
13142 strcat(mwi_sub->mailbox, "@");
6
←
String copy function overflows destination buffer
13143 strcat(mwi_sub->mailbox, p->context);
13144 }
{code}
# {{main/manager.c}}:
{code}
6682 tmp->tv = ast_tvnow();
6683 AST_RWLIST_NEXT(tmp, eq_next) = NULL;
6684 strcpy(tmp->eventdata, str);
7
←
String copy function overflows destination buffer
6685
6686 AST_RWLIST_WRLOCK(&all_events);
{code}
# {{main/channel.c}}:
{code}
7384 if (!member) {
9
←
Assuming 'member' is non-null
→
10
←
Taking false branch
→
7385 ao2_ref(namedgroups, -1);
7386 return NULL;
7387 }
7388 strcpy(member->name, piece);/* Safe */
11
←
String copy function overflows destination buffer
7389 member->hash = ast_str_hash(member->name);
{code}
See the attached reports on this issue for more information.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list