Out-of-bounds Write for VerboseStr #91

ArielSAdamsNASA opened this issue Sep 27, 2021 · 2 comments · May be fixed by #122
@ArielSAdamsNASA

Describe the bug
Bad while loop causing out-of-bounds write

Expected behavior
Fix while loop

Code snips

elf2cfetbl/elf2cfetbl.c

Lines 1927 to 1932 in 10f55fb

```c
while ((i < sizeof(VerboseStr)) && ((VerboseStr[i] = fgetc(SrcFileDesc)) != '\0'))
{
    i++;
}
VerboseStr[i] = '\0'; /* Just in case i=sizeof(VerboseStr) */
```

System observed on:
Coverity: https://scan.coverity.com/projects/arielsadamsnasa-cfs-jsf-rules?tab=overview

Additional context
Checking i < 60UL implies that i is 60 on the false branch.

Overrunning array VerboseStr of 60 bytes at byte offset 60 using index i (which evaluates to 60).

Reporter Info
Ariel Adams, ASRC Federal

@himanshu007-creator

Hi, I would like to work on this issue. Can you guide me further on what needs to be done ^_^

@skliper
Contributor

skliper commented Sep 27, 2021

@himanshu007-creator - I haven't reviewed all the code, but likely could remove the while loop all together and just set the last character as '\0' and use strlen to size the stored symbol name. Something like:

```c
/* Ensure null terminated */
VerboseStr[sizeof(VerboseStr) - 1] = '\0';

SymbolNames[SymbolIndex] = malloc(strlen(VerboseStr) + 1);
```

Then you can likely also remove i as a variable. For general process see the contribution guide. Feel free to reach out w/ any questions!
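
An added example, not code from the issue or from the elf2cfetbl project: it runs the loop shape quoted in the issue against a constructed input so the terminator can be seen landing at index 60 of a 60-byte array, next to one possible bounded form. The function names, the temporary-file input, the 61-byte backing array and the bounded loop are assumptions made for this illustration.

```c
#include <stdio.h>
#define VERBOSE_STR_SIZE 60 /* size Coverity reports for VerboseStr */

/* Loop shape from the issue. Returns the index that receives the final '\0'. */
static size_t read_original(FILE *src, char *buf, size_t cap)
{
    size_t i = 0;
    while ((i < cap) && ((buf[i] = (char)fgetc(src)) != '\0'))
    {
        i++;
    }
    buf[i] = '\0'; /* i == cap here if no NUL arrived within cap bytes */
    return i;
}

/* Bounded form (assumption): leave room for the terminator, stop on EOF too. */
static size_t read_bounded(FILE *src, char *buf, size_t cap)
{
    size_t i = 0;
    int    c;
    while ((i < cap - 1) && ((c = fgetc(src)) != EOF) && (c != '\0'))
    {
        buf[i++] = (char)c;
    }
    buf[i] = '\0';
    return i;
}

/* Constructed input: name_len 'A' bytes then a NUL, in a temporary file. The backing
 * array has one spare byte so the original loop's stray write stays observable. */
size_t terminator_index(size_t name_len, int use_bounded)
{
    char   backing[VERBOSE_STR_SIZE + 1];
    size_t n, idx;
    FILE  *src = tmpfile();
    if (src == NULL) return (size_t)-1;
    for (n = 0; n < name_len; n++) fputc('A', src);
    fputc('\0', src);
    rewind(src);
    idx = (use_bounded ? read_bounded : read_original)(src, backing, VERBOSE_STR_SIZE);
    fclose(src);
    return idx;
}

int main(void)
{
    printf("terminator index: original %zu, bounded %zu (array size %d)\n",
           terminator_index(80, 0), terminator_index(80, 1), VERBOSE_STR_SIZE);
    return 0;
}
```

Valid indices for a 60-byte array are 0 through 59, so any input without a NUL in its first 60 bytes makes the original loop write one byte past the end.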

himanshu007-creator added a commit to himanshu007-creator/elf2cfetbl that referenced this issue Oct 7, 2021
thnkslprpt added a commit to thnkslprpt/elf2cfetbl that referenced this issue Oct 28, 2022
@thnkslprpt thnkslprpt linked a pull request Oct 28, 2022 that will close this issue