Bug 203943

Summary: makefs: Coverity CID 977469: False positive
Product: Base System Reporter: scdbackup
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Some People    
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   

Description scdbackup 2015-10-21 20:04:16 UTC

CID 977469: Out-of-bounds access (OVERRUN)
   1. overrun-buffer-val: Overrunning array pttemp->parent_number
   of 2 bytes by passing it to a function which accesses it at
   byte offset 3.

186        printf("<parent_number>%i</parent_number>\n",
187            debug_get_encoded_number(pttemp->parent_number,mode));

--------------- Source analysis:

The problem is with debug_get_encoded_number() which depending
on iparameter "mode" reads more or less bytes.

The complained call is in function debug_dump_to_xml_ptentry(),
which gets called only by function debug_dump_to_xml_path_table().
It gets the "mode" value as parameter.
This function gets called at two occasions in debug_dump_to_xml():

        debug_dump_to_xml_path_table(fd, t, t2, 721);

        debug_dump_to_xml_path_table(fd, t, t2, 722);

The modes 721 and 722 select 2-byte reading in debug_get_encoded_number().
So the size of pttemp->parent_number is sufficient.

--------------- Remedy proposal:

In Coverity classify CID 977469 as "False positive" and set its Action
to "Ignore".
Comment 1 Enji Cooper freebsd_committer 2015-10-25 22:12:58 UTC
Bulk taking makefs bugs.
Comment 2 Enji Cooper freebsd_committer 2017-11-05 20:47:21 UTC
Releasing bugs back to the pool.