Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SCA Finding in CFE_TBL_Load #2458

Open
ejtimmon opened this issue Oct 23, 2023 · 2 comments
Open

SCA Finding in CFE_TBL_Load #2458

ejtimmon opened this issue Oct 23, 2023 · 2 comments

Comments

@ejtimmon
Copy link
Contributor

Describe the bug
Klockwork static analysis tool flagged the following finding:

File: /ccrs/flight-sw/fsw/cfe/modules/tbl/fsw/src/cfe_tbl_api.c
Line: 833
Function: CFE_TBL_Load
Finding: Buffer Overflow - Array Index Out of Bounds

To Reproduce
Run Klocwork tool

Reporter Info
Beth Geist/NASA GSFC
@skliper
Copy link
Contributor

skliper commented Oct 23, 2023

This line?

cFE/modules/tbl/fsw/src/cfe_tbl_api.c

Line 833 in 0316672

CFE_TBL_Global.LoadBuffs[RegRecPtr->LoadInProgress].Taken = false;

@jphickey
Copy link
Contributor

This one is entirely plausible. CFE_TBL_Load has been on our list of worst offenders for over complexity. There are so many permutations of possibilities in here, it wouldn't surprise me if there are cases where this has a genuine possibility for out-of-bounds array access.

I wouldn't attempt to "fix" this code though, unless its done as part of a more comprehensive cleanup intended to reduce the complexity of these operations.

Related issues #483, #600, #1504, #1521, #1750, #1861.

Fixing these known issues would probably make this warning go away as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jphickey @ejtimmon @skliper