Red Hat Bugzilla – Bug 1000434
konkretcmpi: minor overflow issues
Last modified: 2016-11-30 19:31:58 EST
MOF_Buffer::append(const char *, size_t) in mof/MOF_Buffer.cpp does not check for integer overflow in the size computation. _round_capacity(MOF_uint32) and _next_pow_2(MOF_uint32) have wrong argument types; they need to be size_t.
MOF_unescape(const char *) in mof/MOF_String.cpp can overflow the result buffer.
These functions are only used by the code generator, and not at run time, so these bugs should be harmless.
Fixed upstream and in konkretcmpi-0.9.1-3.el7. Thanks for the report.
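The two checks the report asks for (an overflow test on the size sum in append, and capacity rounding done in size_t rather than a 32-bit type), as an added example that is not konkretcmpi's code or its upstream fix. The `Buffer` struct, the function names, and the 16-byte minimum capacity are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hypothetical stand-in for a growable buffer; not konkretcmpi's MOF_Buffer.
struct Buffer {
    char* data = nullptr;
    size_t size = 0;
    size_t capacity = 0;
};

// Smallest power of two >= n, computed in size_t so a large request is not
// truncated the way a 32-bit parameter would truncate it.
// Returns 0 when no such power of two fits in size_t.
static size_t next_pow_2(size_t n) {
    size_t p = 1;
    while (p < n) {
        if (p > SIZE_MAX / 2) return 0;  // doubling would wrap
        p *= 2;
    }
    return p;
}

// Enforce an assumed 16-byte minimum, then round up to a power of two.
static size_t round_capacity(size_t n) {
    return next_pow_2(n < 16 ? 16 : n);
}

// Append n bytes. Returns false and leaves the buffer unchanged if the new
// size would overflow size_t or the allocation fails.
static bool buffer_append(Buffer& b, const char* src, size_t n) {
    if (n > SIZE_MAX - b.size) return false;  // b.size + n would wrap
    size_t needed = b.size + n;
    if (needed > b.capacity) {
        size_t cap = round_capacity(needed);
        if (cap == 0) return false;           // rounding overflowed
        char* p = static_cast<char*>(std::realloc(b.data, cap));
        if (!p) return false;
        b.data = p;
        b.capacity = cap;
    }
    if (n) std::memcpy(b.data + b.size, src, n);
    b.size = needed;
    return true;
}
```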