From: David B. <dc...@ho...> - 2013-05-01 08:45:18
Hello there,

I just ran the static analyser "cppcheck" over the source code of
libifp-1.0.0.2. It said

1.

[userfile.c:1216]: (error) Buffer is accessed out of bounds: buf

The source code is

    if ( fread(buf, sizeof(unsigned char), sizeof(checkdata), fp)
            < FIRMWARE_HEADER_SIZE) {

I think you might be better off with

    if ( fread(buf, sizeof(unsigned char), FIRMWARE_HEADER_SIZE, fp)
            < FIRMWARE_HEADER_SIZE) {

2.

[userfile.c:884]: (error) Dangerous usage of 'path' (strncpy doesn't always null-terminate it).

The source code is

    strncpy(path, localdir, sizeof(path));
    n = strlen(path);

Something like

    strncpy(path, localdir, sizeof(path));
    path[sizeof(path) - 1] = '\0';
    n = strlen(path);

might be better.

3.

[userfile.c:975]: (error) Dangerous usage of 'path' (strncpy doesn't always null-terminate it).

Duplicate.

Regards

David Binderman
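The two patterns from the report above, as an added example that is not part of the original message or of libifp: a read whose byte count is checked against the destination buffer, and a strncpy wrapper that always terminates and reports truncation. The names copy_path, read_header and HEADER_SIZE and the value 16 are assumptions; the real FIRMWARE_HEADER_SIZE and buffer sizes are not shown in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value for illustration; libifp's FIRMWARE_HEADER_SIZE is not on the page. */
#define HEADER_SIZE 16u

/* Copy src into dst (capacity cap) and always NUL-terminate.
 * Returns 0 on success, -1 if src did not fit and was truncated. */
int copy_path(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return -1;
    strncpy(dst, src, cap);
    /* strncpy pads with NULs when src is shorter than cap, so a non-NUL
     * last byte means strlen(src) >= cap and no terminator was written. */
    int truncated = (dst[cap - 1] != '\0');
    dst[cap - 1] = '\0';
    return truncated ? -1 : 0;
}

/* Read exactly HEADER_SIZE bytes into buf (capacity cap). The requested
 * count is checked against the destination, not taken from another object.
 * Returns 0 on success, -1 on a short read or an undersized buffer. */
int read_header(FILE *fp, unsigned char *buf, size_t cap)
{
    if (cap < HEADER_SIZE)
        return -1;
    return fread(buf, 1, HEADER_SIZE, fp) == HEADER_SIZE ? 0 : -1;
}

int main(void)
{
    char path[8];                      /* constructed, deliberately small */
    int rc = copy_path(path, sizeof(path), "/mnt/ifp/music");
    printf("copy rc=%d path=\"%s\" len=%zu\n", rc, path, strlen(path));

    unsigned char buf[HEADER_SIZE];
    FILE *fp = tmpfile();              /* constructed stand-in for a firmware file */
    if (fp == NULL)
        return 1;
    fwrite("constructed-firmware-image", 1, 26, fp);
    rewind(fp);
    printf("header rc=%d\n", read_header(fp, buf, sizeof(buf)));
    fclose(fp);
    return 0;
}
```
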
From: jdc <jdc...@gm...> - 2013-05-09 05:48:58
Thank you.

--
Thanks
Jim

-----Original Message-----
*From:* David Binderman <dc...@ho...>
*Date:* Wed 08 May 2013 10:48:38 PM PDT
*Subject:* [Ifp-driver-common] libifp-1.0.0.2 bug report

> Hello there,
>
> I just ran the static analyser "cppcheck" over the source code of
> libifp-1.0.0.2. It said
>
> 1.
>
> [userfile.c:1216]: (error) Buffer is accessed out of bounds: buf
>
> The source code is
>
>     if ( fread(buf, sizeof(unsigned char), sizeof(checkdata), fp)
>             < FIRMWARE_HEADER_SIZE) {
>
> I think you might be better off with
>
>     if ( fread(buf, sizeof(unsigned char), FIRMWARE_HEADER_SIZE, fp)
>             < FIRMWARE_HEADER_SIZE) {
>
> 2.
>
> [userfile.c:884]: (error) Dangerous usage of 'path' (strncpy doesn't always null-terminate it).
>
> The source code is
>
>     strncpy(path, localdir, sizeof(path));
>     n = strlen(path);
>
> Something like
>
>     strncpy(path, localdir, sizeof(path));
>     path[sizeof(path) - 1] = '\0';
>     n = strlen(path);
>
> might be better.
>
> 3.
>
> [userfile.c:975]: (error) Dangerous usage of 'path' (strncpy doesn't always null-terminate it).
>
> Duplicate.
>
> Regards
>
> David Binderman