Bug 203943
| Summary: | makefs: Coverity CID 977469: False positive | ||
|---|---|---|---|
| Product: | Base System | Reporter: | scdbackup |
| Component: | bin | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | New --- | ||
| Severity: | Affects Some People | ||
| Priority: | --- | ||
| Version: | CURRENT | ||
| Hardware: | Any | ||
| OS: | Any | ||
Bulk taking makefs bugs. Releasing bugs back to the pool. |
usr.sbin/makefs/cd9660/cd9660_debug.c CID 977469: Out-of-bounds access (OVERRUN) 1. overrun-buffer-val: Overrunning array pttemp->parent_number of 2 bytes by passing it to a function which accesses it at byte offset 3. 186 printf("<parent_number>%i</parent_number>\n", 187 debug_get_encoded_number(pttemp->parent_number,mode)); --------------- Source analysis: The problem is with debug_get_encoded_number() which depending on iparameter "mode" reads more or less bytes. The complained call is in function debug_dump_to_xml_ptentry(), which gets called only by function debug_dump_to_xml_path_table(). It gets the "mode" value as parameter. This function gets called at two occasions in debug_dump_to_xml(): debug_dump_to_xml_path_table(fd, t, t2, 721); debug_dump_to_xml_path_table(fd, t, t2, 722); The modes 721 and 722 select 2-byte reading in debug_get_encoded_number(). So the size of pttemp->parent_number is sufficient. --------------- Remedy proposal: In Coverity classify CID 977469 as "False positive" and set its Action to "Ignore".