Bug 1000434 - konkretcmpi: minor overflow issues
konkretcmpi: minor overflow issues
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: konkretcmpi (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Radek Novacek
Depends On:
Blocks: 999043
  Show dependency treegraph
Reported: 2013-08-23 08:46 EDT by Florian Weimer
Modified: 2016-11-30 19:31 EST (History)
2 users (show)

See Also:
Fixed In Version: konkretcmpi-0.9.1-3.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-03-11 14:09:21 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Florian Weimer 2013-08-23 08:46:53 EDT
MOF_Buffer::append(const char *, size_t) in mof/MOF_Buffer.cpp does not check for integer overflow in the size computation. _round_capacity(MOF_uint32) and _next_pow_2(MOF_uint32) have wrong arugment types, they need to be size_t.

MOF_unescape(const char *) in mof/MOF_String.cpp can overflow the result buffer.

These functions are only used by the code generator, and not at run time, so these bugs should be harmless.
Comment 2 Radek Novacek 2013-08-26 09:29:33 EDT
Fixed upstream and in the konkretcmpi-0.9.1-3.el7. Thanks for the report.

Note You need to log in before you can comment on or make changes to this bug.