Bug 1000434 - konkretcmpi: minor overflow issues
Summary: konkretcmpi: minor overflow issues
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: konkretcmpi
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Radek Novacek
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks: 999043
TreeView+ depends on / blocked
 
Reported: 2013-08-23 12:46 UTC by Florian Weimer
Modified: 2016-12-01 00:31 UTC (History)
2 users (show)

Fixed In Version: konkretcmpi-0.9.1-3.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-11 18:09:21 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Florian Weimer 2013-08-23 12:46:53 UTC 
MOF_Buffer::append(const char *, size_t) in mof/MOF_Buffer.cpp does not check for integer overflow in the size computation. _round_capacity(MOF_uint32) and _next_pow_2(MOF_uint32) have wrong arugment types, they need to be size_t.

MOF_unescape(const char *) in mof/MOF_String.cpp can overflow the result buffer.

These functions are only used by the code generator, and not at run time, so these bugs should be harmless.
Comment 2 Radek Novacek 2013-08-26 13:29:33 UTC 
Fixed upstream and in the konkretcmpi-0.9.1-3.el7. Thanks for the report.
Note You need to log in before you can comment on or make changes to this bug.