Project Name | CID | Checker | Category | Developer Description |
---|---|---|---|---|
TarotClub | 96074 | OVERRUN | Memory - corruptions | Buffer overflow difficult to find by reading the code that would result a crash if path is too long. Good catch Coverity! |
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
strftime(buffer, sizeof(buffer), format.c_str(), timeinfo); datetime << buffer; /* * This code is the C++0x11 way of formating date, but GCC does not support it yet :( std::stringstream datetime; std::time_t t = std::time(nullptr); std::tm tm = *std::localtime(&t); datetime << std::put_time(&tm, format); */ return datetime.str(); } /*****************************************************************************/ std::string Util::ExecutablePath() { std::string path; #ifdef USE_WINDOWS_OS wchar_t buf[MAX_PATH]; // Will contain exe path HMODULE hModule = GetModuleHandle(NULL); |
< 1. Condition "hModule != NULL", taking true branch
95 96 97 |
if (hModule != NULL) { // When passing NULL to GetModuleHandle, it returns handle of exe itself |
<<< CID 96074: Memory - corruptions OVERRUN <<< 2. Overrunning array "buf" of 260 2-byte elements by passing it to a function which accesses it at element index 519 (byte offset 1038) using argument "520UL".
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 |
GetModuleFileName(hModule, buf, (sizeof(buf))); } std::wstring wstr(buf); path = std::string(wstr.begin(), wstr.end()); #elif defined(USE_UNIX_OS) char buf[FILENAME_MAX]; readlink("/proc/self/exe", buf, sizeof(buf)); path = buf; #elif defined(USE_APPLE_OS) _NSGetExecutablePath(path, &size); // make it compile #else #error "A portable code is needed here" #endif return (GetDirectoryPath(path)); } /*****************************************************************************/ std::string Util::HomePath() { std::string homedir; #if defined(USE_WINDOWS_OS) #if defined(_MSC_VER) char* buf = 0; size_t sz = 0; if (_dupenv_s(&buf, &sz, "HOMEDRIVE") == 0) |
2. overrun-buffer-arg | Util.cpp:98 |