Sample of Defect

Project Name: xfsprogs
CID: 1297996
Checker: BAD_SIZEOF
Category: Incorrect expression
Developer Description: With two string literals, "SGI_ACL_FILE" and "SGI_ACL_DEFAULT", the addition of the (unsigned char *) cast resulted in sizeof returning 7 (size of pointer minus one), rather than the length of the string. Subsequent strncmps using these two strings only compared the first 7 chars, which happen to be identical between the two strings. This was only a test branch, not yet in the main branch or in a release, so it was very good to find this problem early.
File: /repair/attr_repair.c
 * fork being emptied and put in shortform format.
 */

/*
 * This routine just checks what security needs are for attribute values
 * only called when root flag is set, otherwise these names could exist in
 * in user attribute land without a conflict.
 * If value is non-zero, then a remote attribute is being passed in
 */
static int
valuecheck(
        struct xfs_mount *mp,
        char                *namevalue,
        char                *value,
        int                namelen,
        int                valuelen)
{
        /* for proper alignment issues, get the structs and memmove the values */
        xfs_mac_label_t macl;
        void *valuep;
        int clearit = 0;

        if ((strncmp(namevalue, SGI_ACL_FILE, SGI_ACL_FILE_SIZE) == 0) ||
                        (strncmp(namevalue, SGI_ACL_DEFAULT,
 <<< CID 1297996: Incorrect expression BAD_SIZEOF
 <<< Taking the size of ""SGI_ACL_DEFAULT"", which is the address of an object, is suspicious.
 <<< Did you intend the size of ""SGI_ACL_DEFAULT"" itself?
                                SGI_ACL_DEFAULT_SIZE) == 0)) {
                if (value == NULL) {
                        valuep = malloc(valuelen);
                        if (!valuep)
                                do_error(_("No memory for ACL check!\n"));
                        memcpy(valuep, namevalue + namelen, valuelen);
                } else
                        valuep = value;

                if (xfs_acl_valid(mp, valuep) != 0) {
                        clearit = 1;
                        do_warn(
        _("entry contains illegal value in attribute named SGI_ACL_FILE "
          "or SGI_ACL_DEFAULT\n"));
                }

                if (valuep != value)
                        free(valuep);

        } else if (strncmp(namevalue, SGI_MAC_FILE, SGI_MAC_FILE_SIZE) == 0) {
                if (value == NULL) {
                        memset(&macl, 0, sizeof(xfs_mac_label_t));
                        memmove(&macl, namevalue+namelen, valuelen);
                        valuep = &macl;
                } else
                        valuep = value;
Events:
remediation attr_repair.c:752
bad_sizeof attr_repair.c:752
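
The length bug from the developer description, reproduced as an added example that is not xfsprogs code. The BAD_*/OK_* macros, the helper functions and the name SGI_ACL_BOGUS are constructed for illustration; only the two string literals and the cast come from the page.

```c
#include <stdio.h>
#include <string.h>

/* Constructed macros modelled on the description above; hypothetical names,
 * not the xfsprogs definitions. */

/* Buggy form: the cast turns the array-typed literal into a pointer, so
 * sizeof yields the pointer size (8 on a typical 64-bit build). */
#define BAD_ACL_FILE          ((unsigned char *)"SGI_ACL_FILE")
#define BAD_ACL_FILE_SIZE     (sizeof(BAD_ACL_FILE) - 1)
#define BAD_ACL_DEFAULT       ((unsigned char *)"SGI_ACL_DEFAULT")
#define BAD_ACL_DEFAULT_SIZE  (sizeof(BAD_ACL_DEFAULT) - 1)

/* Corrected form: sizeof sees the char array, so the result equals strlen. */
#define OK_ACL_FILE           "SGI_ACL_FILE"
#define OK_ACL_FILE_SIZE      (sizeof(OK_ACL_FILE) - 1)
#define OK_ACL_DEFAULT        "SGI_ACL_DEFAULT"
#define OK_ACL_DEFAULT_SIZE   (sizeof(OK_ACL_DEFAULT) - 1)

/* Prefix match in the style of valuecheck(), using the buggy lengths. */
static int is_acl_name_bad(const char *name)
{
    size_t nf = BAD_ACL_FILE_SIZE, nd = BAD_ACL_DEFAULT_SIZE;
    return strncmp(name, (const char *)BAD_ACL_FILE, nf) == 0 ||
           strncmp(name, (const char *)BAD_ACL_DEFAULT, nd) == 0;
}

/* Same match with lengths taken from the literals themselves. */
static int is_acl_name_ok(const char *name)
{
    size_t nf = OK_ACL_FILE_SIZE, nd = OK_ACL_DEFAULT_SIZE;
    return strncmp(name, OK_ACL_FILE, nf) == 0 ||
           strncmp(name, OK_ACL_DEFAULT, nd) == 0;
}

int main(void)
{
    /* Constructed attribute names; SGI_ACL_BOGUS is not a real attribute. */
    const char *names[] = { "SGI_ACL_FILE", "SGI_ACL_DEFAULT", "SGI_ACL_BOGUS" };
    printf("buggy sizes: %zu %zu, correct sizes: %zu %zu\n",
           BAD_ACL_FILE_SIZE, BAD_ACL_DEFAULT_SIZE,
           OK_ACL_FILE_SIZE, OK_ACL_DEFAULT_SIZE);
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-16s buggy=%d correct=%d\n", names[i],
               is_acl_name_bad(names[i]), is_acl_name_ok(names[i]));
    return 0;
}
```

With the buggy lengths, any name sharing the leading pointer-size-minus-one characters is sent down the ACL validation branch. With the corrected lengths, only the two intended names match.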