### Description
Hi, certain potential security issues are found in this repository. Fixing them will remove certain security threats.
They are listed below for reference:
### Expected behavior
Insertion, deletion should work
### Actual behavior
Memory overflow, null pointer dereference might occur
### Possible fix
No response
### Steps to reproduce
This is a security analysis using Clang.
### Context
```
Analyzing and compiling bfs.c to bfs.o
g->edges = malloc(V * sizeof(int *));
~~^~~~~~~~~~~~~~~
bfs.c:121:12: warning: Potential leak of memory pointed to by 'Q' [unix.Malloc]
return false;
^~~~~
1 warnings generated.
Analyzing and compiling dfs.c to dfs.o
g->edges = malloc(V * sizeof(int *));
~~^~~~~~~~~~~~~~~
1 warning generated.
Compilation and analysis of dfs.c succeeded
Analyzing and compiling graph.c to graph.o
graph.c:29:25: warning: the computation of the size of the memory allocation may overflow [alpha.security.MallocOverflow]
g->edges = malloc(V * sizeof(int *));
~~^~~~~~~~~~~~~~~
1 warning generated.
Compilation and analysis of graph.c succeeded
Analyzing and compiling merge_sort.c to merge_sort.o
merge_sort.c:36:30: warning: the computation of the size of the memory allocation may overflow [alpha.security.MallocOverflow]
int *b = (int *)malloc(n * sizeof(int)); /* dynamic memory must be freed */
~~^~~~~~~~~~~~~
merge_sort.c:117:16: warning: Untrusted data is used to specify the buffer size (CERT/STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator) [alpha.security.taint.TaintPropagation]
a = (int *)malloc(n * sizeof(int));
^~~~~~~~~~~~~~~~~~~~~~~
merge_sort.c:117:25: warning: the computation of the size of the memory allocation may overflow [alpha.security.MallocOverflow]
a = (int *)malloc(n * sizeof(int));
~~^~~~~~~~~~~~~
3 warnings generated.
Analyzing and compiling queue.c to queue.o
queue.c:67:20: warning: Access to field 'next' results in a dereference of a null pointer (loaded from variable 'head') [core.NullDereference]
head->next = NULL;
1 warning generated.
Compilation and analysis of queue.c succeeded
Analyzing and compiling red_black_tree.c to red_black_tree.o
red_black_tree.c:26:1: warning: Potential leak of memory pointed to by 'create' [unix.Malloc]
}
^
1 warning generated.
Compilation and analysis of red_black_tree.c succeeded
Analyzing and compiling stack.c to stack.o
stack.c:37:35: warning: the computation of the size of the memory allocation may overflow [alpha.security.MallocOverflow]
array = malloc(sizeof(void *) * max);
~~~~~~~~~~~~~~~^~~~~
stack.c:55:20: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
*(tmp + i) = *(array + i);
^ ~~~~~~~~~~~~
2 warnings generated.
```
### Additional information
These security errors are fatal.