[Bug 1780018] [NEW] Defects found in static analysis

Alisha 1780018 at bugs.launchpad.net
Wed Jul 4 05:31:08 UTC 2018


Public bug reported:

I am using the libfcgi-2.4.0 armhf version in my application, which is available here: https://packages.ubuntu.com/trusty/armhf/libfcgi-dev

We run Coverity Scan on the code and we have found the following defects:

1. File os_unix.c
   lines 295 and 398
   defect: Copy into fixed size buffer. The string operation will write past the end of the fixed-size
           destination buffer if the source buffer is too large. You might overrun the 1024-character
           fixed-size string host by copying bindPath without checking the length.

2. File fcgiapp.c
   line 600
   defect: Out-of-bounds access. Access of memory not owned by this buffer may cause crashes or incorrect
           computations. Overrunning buffer pointed to by charPtrArg of 7 bytes by passing it to a
           function which accesses it at byte offset 999998 using argument precision (which evaluates to
           999999).

3. File fcgiapp.c
   line 1471
   defect: Dereference null return value. If the function actually returns a null value, a null pointer
           dereference will occur. Dereferencing strchr(name, 61), which is known to be NULL.

4. File fcgio.cpp
   lines 157 and 165
   defect: Operands don't affect result. The expression's value does not depend on the operands; often,
           this represents an inadvertent logic error. result_independent_of_operands: n > 2147483647 is
           always false regardless of the values of its operands. This occurs as the logical operand of if.

Please let me know if these issues will be getting fixed in coming
versions.

** Affects: libfcgi (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to libfcgi in Ubuntu.
https://bugs.launchpad.net/bugs/1780018
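
Added example, not part of the original report and not libfcgi's own code: defensive forms of the two patterns behind defects 1 and 3, a length-checked copy of bindPath into the 1024-byte host buffer and a strchr() result checked before use. The helper names copy_bind_path and split_name_value and the sample inputs are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF_SIZE 1024  /* size of the "host" buffer named in the report */

/* Hypothetical helper: copy bindPath into a fixed-size host buffer.
 * Returns 0 on success, -1 if bindPath is NULL or does not fit together
 * with its terminating NUL; host is left as an empty string on failure. */
int copy_bind_path(char host[HOST_BUF_SIZE], const char *bindPath)
{
    size_t len;

    host[0] = '\0';
    if (bindPath == NULL)
        return -1;
    len = strlen(bindPath);
    if (len >= HOST_BUF_SIZE)
        return -1;              /* reject rather than overrun or truncate */
    memcpy(host, bindPath, len + 1);
    return 0;
}

/* Hypothetical helper: find the value part of a "name=value" string.
 * strchr() returns NULL when no '=' (ASCII 61) is present, so the result
 * is checked before it is dereferenced or used in pointer arithmetic.
 * On success stores the name length and returns a pointer to the value. */
const char *split_name_value(const char *nameValue, size_t *nameLen)
{
    const char *eq;

    if (nameValue == NULL || nameLen == NULL)
        return NULL;
    eq = strchr(nameValue, '=');
    if (eq == NULL)
        return NULL;            /* malformed entry: caller must handle it */
    *nameLen = (size_t)(eq - nameValue);
    return eq + 1;
}

int main(void)
{
    char host[HOST_BUF_SIZE];
    size_t n = 0;
    const char *v = split_name_value("NOEQUALS", &n);  /* constructed input */
    printf("copy: %d\n", copy_bind_path(host, "/tmp/app.sock"));
    printf("value: %s\n", v ? v : "(rejected)");
    return 0;
}
```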
