Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Buffer overflow #30

Closed
Nicolasp38 opened this issue Nov 24, 2015 · 1 comment
Closed

Buffer overflow #30

Nicolasp38 opened this issue Nov 24, 2015 · 1 comment
Assignees
@bvernoux
Labels
bug
Milestone
1.0.7

Comments

@Nicolasp38
Copy link

In file airspy.c, function airspy_version_string_read() :
The following two lines are inconsistent :
memcpy(version, version_local, length-1);
version[length] = 0;
Either the memory copy must be of "length" size, either "version[length-1]" must be set to 0.
There is no documentation in comments so I guess "length" is the size of the "version" buffer so "version[length-1]" must be used.
bvernoux added a commit that referenced this issue Nov 24, 2015
@bvernoux
Fix Buffer overflow #30 thanks to Nicolasp38
8a46b25
@bvernoux
Copy link
Member

Thanks for the issue.
It is broken since 55f5e47 (Affect release v1.0.6)
Note: It is funny static analysis tool like cppcheck v1.71 does not detect it.

@bvernoux bvernoux added the bug label Nov 24, 2015
@bvernoux bvernoux added this to the 1.0.7 milestone Nov 24, 2015
@bvernoux bvernoux self-assigned this Nov 24, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bvernoux bvernoux

Labels
bug
Projects
None yet
Milestone
1.0.7
Development

No branches or pull requests
2 participants
@bvernoux @Nicolasp38