Wine

15.03.201727.03.2017 / hownot2code

winehq-logo1

Array index out of bounds

V557 Array overrun is possible. The ’16’ index is pointing beyond array bound. winaspi32.c 232

/* SCSI Miscellaneous Stuff */
#define SENSE_LEN      14

typedef struct tagSRB32_ExecSCSICmd {
  ....
  BYTE        SenseArea[SENSE_LEN+2];
} SRB_ExecSCSICmd, *PSRB_ExecSCSICmd;

static void
ASPI_PrintSenseArea(SRB_ExecSCSICmd *prb)
{
  BYTE  *rqbuf = prb->SenseArea;
  ....
  if (rqbuf[15]&0x8) {
    TRACE("Pointer at %d, bit %d\n",
          rqbuf[16]*256+rqbuf[17],rqbuf[15]&0x7);     
  }
  ....
}

The analyzer detected that the program tries to address items 16 and 17 of the rgbuf array, which is beyond its bounds as it only contains 16 items. The rqbuf[15]&0x8 condition is rarely true, that’s why the error hasn’t been noticed.

Please click here to see more bugs from this project.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

You are commenting using your Google+ account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

How Not To Code

C++/C# bad practices: learn how to make a good code by bad example

Wine

Leave a Reply Cancel reply

Share with:

Like this:

Related

Leave a Reply Cancel reply