Hide Forgot
Description of problem: Static analysis of the code with/without applied patches discovered some possible problems in the code. Version-Release number of selected component (if applicable): symlinks-1.4-3.fc15
Created attachment 498791 [details] readlink Error: READLINK: symlinks-1.4/symlinks.c:163: readlink_call: Passing size argument "sizeof (lpath) /*4096*/" implies readlink() can return up to "sizeof (lpath) /*4096*/" bytes. symlinks-1.4/symlinks.c:163: readlink_assign: Assigning: "c" = readlink(). symlinks-1.4/symlinks.c:167: readlink: "lpath[c]" is essentially buffer[sizeof(buffer)] which is an off-by-one error.
Created attachment 498792 [details] overrun_dynamic Error: OVERRUN_DYNAMIC: symlinks-1.4/symlinks.c:47: buffer_alloc: Calling allocating function "malloc" which allocated memory dictated by argument "strlen(s)". symlinks-1.4/symlinks.c:47: var_assign: Assigning: "tmp" = "malloc(strlen(s))". symlinks-1.4/symlinks.c:58: strcpy_overrun: strcpy, whose first argument "tmp" has length equal to strlen of its second argument "s", will overrun its first argument because of the terminating null. Error: SIZECHECK: symlinks-1.4/symlinks.c:47: size_is_strlen: Calling allocating function "malloc" with function argument "strlen(s)". Did you intend to add 1 to the byte count?