Back to success stories

Sample of Defect

Project Name CID Checker Category Developer Description
TarotClub 96074 OVERRUN Memory - corruptions Buffer overflow difficult to find by reading the code that would result a crash if path is too long. Good catch Coverity!
File: /src/library/Util.cpp 
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

    strftime(buffer, sizeof(buffer), format.c_str(), timeinfo);

    datetime << buffer;
    /*
     * This code is the C++0x11 way of formating date, but GCC does not support it yet :(
        std::stringstream datetime;
        std::time_t t = std::time(nullptr);
        std::tm tm = *std::localtime(&t);

        datetime << std::put_time(&tm, format);
    */
    return datetime.str();
}
/*****************************************************************************/
std::string Util::ExecutablePath()
{
    std::string path;

#ifdef USE_WINDOWS_OS
    wchar_t buf[MAX_PATH];

    // Will contain exe path
    HMODULE hModule = GetModuleHandle(NULL);
 
 < 1. Condition "hModule != NULL", taking true branch
95
96
97

    if (hModule != NULL)
    {
        // When passing NULL to GetModuleHandle, it returns handle of exe itself
 
 <<< CID 96074: Memory - corruptions OVERRUN
 <<< 2. Overrunning array "buf" of 260 2-byte elements by passing it to a function which accesses it at element index 519 (byte offset 1038) using argument "520UL".
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

        GetModuleFileName(hModule, buf, (sizeof(buf)));
    }
    std::wstring wstr(buf);
    path = std::string(wstr.begin(), wstr.end());

#elif defined(USE_UNIX_OS)
    char buf[FILENAME_MAX];
    readlink("/proc/self/exe", buf, sizeof(buf));
    path = buf;
#elif defined(USE_APPLE_OS)
    _NSGetExecutablePath(path, &size); // make it compile
#else
#error "A portable code is needed here"
#endif
    return (GetDirectoryPath(path));
}
/*****************************************************************************/
std::string Util::HomePath()
{
    std::string homedir;

#if defined(USE_WINDOWS_OS)

#if defined(_MSC_VER)
        char* buf = 0;
        size_t sz = 0;
        if (_dupenv_s(&buf, &sz, "HOMEDRIVE") == 0)
Events:
2. overrun-buffer-arg Util.cpp:98

About Synopsys

Communities and resources