Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Out-of-bounds read on doserrors[] #837

Closed
jcs67 opened this issue Dec 8, 2016 · 1 comment
Closed

Out-of-bounds read on doserrors[] #837

jcs67 opened this issue Dec 8, 2016 · 1 comment

Comments

@jcs67
Copy link

jcs67 commented Dec 8, 2016

In archive_windows.c, __la_dosmaperr(unsigned long e):
for (i = 0; i < (int)sizeof(doserrors); i++)
should be:
for (i = 0; i < (int)sizeof(doserrors)/sizeof(doserrors[0]); i++)

Found by Coverity:

  1. cond_at_most: Checking i < 368 implies that i may be up to 367 on the true branch.
    894 for (i = 0; i < (int)sizeof(doserrors); i++)
    895 {
    3. Condition doserrors[i].winerr == e, taking false branch

Out-of-bounds read (OVERRUN)
7. overrun-local: Overrunning array doserrors of 46 8-byte elements at element index 367 (byte offset 2936) using index i (which evaluates to 367).
896 if (doserrors[i].winerr == e)
897 {
898 errno = doserrors[i].doserr;
899 return;
900 }
kientzle added a commit that referenced this issue Dec 9, 2016
@kientzle
Issue #837: Fix iteration over the available error codes
e9a5a70
@kientzle
Copy link
Contributor

kientzle commented Dec 9, 2016

Thank you!
Fixed in commit e9a5a70.

@kientzle kientzle closed this as completed Dec 9, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kientzle @jcs67