Microsoft Word 1.1a

/ hownot2code

image3
BUG OF THE MONTH | A typo leading to an array overrun

V557 Array overrun is possible. The ‘5’ index is pointing beyond array bound. dnatfile.c 444

uns rgwSpare0 [5];

DumpHeader()
{
  ....
  printUns ("rgwSpare0[0] = ", Fib.rgwSpare0[5], 0, 0, fTrue);  
  printUns ("rgwSpare0[1] = ", Fib.rgwSpare0[1], 1, 1, fTrue);
  printUns ("rgwSpare0[2] = ", Fib.rgwSpare0[2], 0, 0, fTrue);
  printUns ("rgwSpare0[3] = ", Fib.rgwSpare0[3], 1, 1, fTrue);
  printUns ("rgwSpare0[4] = ", Fib.rgwSpare0[4], 2, 2, fTrue);
  ....
}

It turned out that the first line for some reason contains the text Fib.rgwSpare0[5]. That’s incorrect: there are just 5 items in the array, therefore the largest index should be 4. The value ‘5’ is just a typo. A zero index should have most likely been used in the first string.

Please click here to see more bugs from this project.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.