[asterisk-bugs] [JIRA] (ASTERISK-26195) static analysis: Out of bound array access
Sean Bright (JIRA)
noreply at issues.asterisk.org
Tue Aug 22 14:32:08 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-26195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238173#comment-238173 ]
Sean Bright commented on ASTERISK-26195:
----------------------------------------
I'm pretty sure that all of these are false positives. In all 3 cases, we are using the {{char\[1\]-as-last-member-of-struct}} "trick" and the buffer lengths appear to be calculated correctly.
> static analysis: Out of bound array access
> -------------------------------------------
>
> Key: ASTERISK-26195
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26195
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Applications/app_voicemail, Core/Channels, Core/ManagerInterface
> Reporter: Matt Jordan
> Assignee: Matt Jordan
> Attachments: report-328195.html, report-6b239f.html, report-fee2e3.html
>
>
> Clang's static analysis tool identified three potential out-of-bound array access violations:
> # {{apps/app_voicemail.c}}:
> {code}
> 13141 if (!ast_strlen_zero(p->context)) {
>       [5] Taking true branch
> 13142 strcat(mwi_sub->mailbox, "@");
>       [6] String copy function overflows destination buffer
> 13143 strcat(mwi_sub->mailbox, p->context);
> 13144 }
> {code}
> # {{main/manager.c}}:
> {code}
> 6682 tmp->tv = ast_tvnow();
> 6683 AST_RWLIST_NEXT(tmp, eq_next) = NULL;
> 6684 strcpy(tmp->eventdata, str);
>      [7] String copy function overflows destination buffer
> 6685
> 6686 AST_RWLIST_WRLOCK(&all_events);
> {code}
> # {{main/channel.c}}:
> {code}
> 7384 if (!member) {
>      [9] Assuming 'member' is non-null
>      [10] Taking false branch
> 7385 ao2_ref(namedgroups, -1);
> 7386 return NULL;
> 7387 }
> 7388 strcpy(member->name, piece);/* Safe */
>      [11] String copy function overflows destination buffer
> 7389 member->hash = ast_str_hash(member->name);
> {code}
> See the attached reports on this issue for more information.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
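
The buffer sizing behind the char[1]-as-last-member pattern mentioned in the comment above, written out as an added example (not Asterisk code and not part of the issue); the struct and function names are hypothetical. It also shows the C99 flexible array member form, where the terminating NUL must be added to the allocation explicitly.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types, not Asterisk's. Pre-C99 "struct hack": the
 * one-element array already reserves the byte for the terminating NUL. */
struct item_hack {
    unsigned int hash;
    char name[1];
};

/* C99 flexible array member: contributes no storage of its own. */
struct item_fam {
    unsigned int hash;
    char name[];
};

/* Bytes to allocate so that copying s into ->name stays inside the block. */
size_t item_hack_size(const char *s)
{
    return sizeof(struct item_hack) + strlen(s);            /* no +1 needed */
}

size_t item_fam_size(const char *s)
{
    return offsetof(struct item_fam, name) + strlen(s) + 1; /* +1 for NUL */
}

struct item_hack *item_hack_new(const char *s)
{
    struct item_hack *it = calloc(1, item_hack_size(s));

    if (it) {
        /* Inside the allocation but past the declared char[1]; a checker
         * that trusts the declared bound reports this line. */
        strcpy(it->name, s);
    }
    return it;
}

struct item_fam *item_fam_new(const char *s)
{
    size_t len = strlen(s);
    struct item_fam *it = calloc(1, item_fam_size(s));

    if (it) {
        memcpy(it->name, s, len + 1);   /* matches the sizing above */
    }
    return it;
}
```

When reviewing a finding of this kind, the thing to verify is that the allocation call and the copy use the same length source; dropping the `+ 1` in the flexible-array form is a real one-byte overflow.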