HPCC / HPCC-16429

coverity: out-of-bounds-access


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Not specified
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.4.0
    • Component/s: ESDL
    • Labels:
      None

      Description

      I think this is really a false positive, but want to check, and code could be cleaned up.

      There is the following code in getXsdGroupType()

          if (*s == '\"')
          {
              s++;
              // 3. strlen_assign: Setting variable len to the return value of strlen called with argument s.
              size_t len = strlen(s);
              // CID 1143265 (#1 of 1): Out-of-bounds access (OVERRUN)
              // 4. alloc_strlen: Allocating insufficient memory for the terminating null of the string.
              xsdgrouptype = (char*)malloc(len);
              strncpy(xsdgrouptype,s,len-1);
              xsdgrouptype[len-1]=0;
              // 5. Falling through to end of if statement.
          }
      

      I think it is assuming that the last character is a \", and if so remove it. If so it would be worth commenting, but also changing the strncpy to a memcpy - which would be clearer and more efficient.


            People

            • Assignee:
              richardkchapman Richard Chapman
              Reporter:
              ghalliday Gavin Halliday

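An added example, not HPCC's code and not the fix that was committed: a hardened form of the quoted-string copy from the description, using memcpy as the reporter suggests. The helper name `dup_unquoted` and its contract are assumptions; it also covers the case where nothing follows the opening quote, in which `len` is 0 and the `len-1` in the flagged code wraps around.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (name and contract are assumptions, not HPCC code).
 * s points at a value that may start with a double quote. Returns a
 * malloc'd, NUL-terminated copy of the text without the surrounding
 * quotes, or NULL if allocation fails. The caller frees the result. */
char *dup_unquoted(const char *s)
{
    if (*s == '"')
        s++;                      /* skip the opening quote */

    size_t len = strlen(s);

    /* Drop the closing quote only when it is really there. The flagged
     * code drops the last character unconditionally; when len == 0 its
     * len-1 becomes SIZE_MAX as a strncpy count and -1 as an index. */
    if (len > 0 && s[len - 1] == '"')
        len--;

    char *out = malloc(len + 1);  /* +1: room for the terminator */
    if (out == NULL)
        return NULL;

    memcpy(out, s, len);          /* length is known, so no strncpy scan */
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample inputs: well-formed, lone quote, unterminated. */
    const char *samples[] = { "\"EsdlStruct\"", "\"", "\"abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *v = dup_unquoted(samples[i]);
        if (v == NULL)
            return 1;
        printf("[%s] -> [%s]\n", samples[i], v);
        free(v);
    }
    return 0;
}
```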