[Bug 1780018] Re: Defects found in static analysis

James Page james.page at ubuntu.com
Wed Jul 18 10:50:12 UTC 2018 

Hello

Thanks for taking the time to report this bug; this kind of analysis is
probably best fed back to the actual upstream project, rather than to a
distribution.   Upstream development happens here:

  https://github.com/FastCGI-Archives/fcgi2

Marking this bug as a won't fix for Ubuntu.

** Changed in: libfcgi (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to libfcgi in Ubuntu.
https://bugs.launchpad.net/bugs/1780018

Title:
  Defects found in static analysis

Status in libfcgi package in Ubuntu:
  Won't Fix

Bug description:
  I am using libfcgi-2.4.0 armhf version in my application. Which is available here https://packages.ubuntu.com/trusty/armhf/libfcgi-dev
   
  We run Coverity Scan on code and we have found the following defects:

  1. File os_unix.c
       line 295 and 398 
       defect :  Copy into fixed size buffer. The string operation will write past the end of the fixed-size 
                 destination buffer if the source buffer is too large. You might overrun the 1024-character 
                 fixed-size string host by copying bindPath without checking the length

  2. File fcgiapp.c
      line 600 
      defect :  Out-of-bounds access. Access of memory not owned by this buffer may cause crashes or incorrect 
                computations. Overrunning buffer pointed to by charPtrArg of 7 bytes by passing it to a 
                function which accesses it at byte offset 999998 using argument precision (which evaluates to 
                999999).

  3. File fcgiapp.c
       line 1471
       defect : Dereference null return value. If the function actually returns a null value, a null pointer 
                dereference will occur. Dereferencing strchr(name, 61), which is known to be NULL.

  4. File fcgio.cpp
      line 157 and 165
      defect :  Operands don't affect result. The expression's value does not depend on the operands; often, 
                this represents an inadvertent logic error. result_independent_of_operands: n > 2147483647 is 
                always false regardless of the values of its operands. This occurs as the logical operand of if

  Please let me know if these issues will be getting fixed in coming
  versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/1780018/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list