Menu
▾
▴
ifp-driver-common
|
From: David B. <dc...@ho...> - 2013-05-01 08:45:18
|
Hello there,
I just ran the static analyser "cppcheck" over the source code of
libifp-1.0.0.2. It said
1.
[userfile.c:1216]: (error) Buffer is accessed out of bounds: buf
The source code is
if ( fread(buf, sizeof(unsigned char), sizeof(checkdata), fp)
< FIRMWARE_HEADER_SIZE) {
I think you might be better off with
if ( fread(buf, sizeof(unsigned char), FIRMWARE_HEADER_SIZE, fp)
< FIRMWARE_HEADER_SIZE) {
2.
[userfile.c:884]: (error) Dangerous usage of 'path' (strncpy doesn't always null-terminate it).
The source code is
strncpy(path, localdir, sizeof(path));
n = strlen(path);
Something like
strncpy(path, localdir, sizeof(path));
path[sizeof(path) - 1] = '\0';
n = strlen(path);
might be better.
3.
[userfile.c:975]: (error) Dangerous usage of 'path' (strncpy doesn't always null-terminate it).
Duplicate.
Regards
David Binderman
|
|
From: jdc <jdc...@gm...> - 2013-05-09 05:48:58
|
Thank you.
--
Thanks
Jim
-----Original Message-----
*From:* David Binderman <dc...@ho...>
*Date:* Wed 08 May 2013 10:48:38 PM PDT
*Subject:* [Ifp-driver-common] libifp-1.0.0.2 bug report
> Hello there,
>
> I just ran the static analyser "cppcheck" over the source code of
> libifp-1.0.0.2. It said
>
> 1.
>
> [userfile.c:1216]: (error) Buffer is accessed out of bounds: buf
>
> The source code is
>
> if ( fread(buf, sizeof(unsigned char), sizeof(checkdata), fp)
> < FIRMWARE_HEADER_SIZE) {
>
> I think you might be better off with
>
> if ( fread(buf, sizeof(unsigned char), FIRMWARE_HEADER_SIZE, fp)
> < FIRMWARE_HEADER_SIZE) {
>
> 2.
>
> [userfile.c:884]: (error) Dangerous usage of 'path' (strncpy doesn't always null-terminate it).
>
> The source code is
>
> strncpy(path, localdir, sizeof(path));
> n = strlen(path);
>
> Something like
>
> strncpy(path, localdir, sizeof(path));
> path[sizeof(path) - 1] = '\0';
> n = strlen(path);
>
> might be better.
>
> 3.
>
> [userfile.c:975]: (error) Dangerous usage of 'path' (strncpy doesn't always null-terminate it).
>
> Duplicate.
>
> Regards
>
> David Binderman
> ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1
> _______________________________________________
> Ifp-driver-common mailing list
> Ifp...@li...
> https://lists.sourceforge.net/lists/listinfo/ifp-driver-common
>
|
Thanks for helping keep SourceForge clean.
X