A risk of writing to an invalid address with memcpy in function Parser_feed #183

awen-li · 2021-05-27T06:34:16Z

Code snippet

Parser_feed(Parser* self, PyObject *args)
{
     ........
     if((size_t)data_len > self->buffer_capacity - (self->buffer_end - self->buffer_start)) {
            self->buffer_capacity = MAX(self->buffer_capacity * 2, self->buffer_end - self->buffer_start + data_len);
            if(self->buffer == self->inline_buffer) {
                   self->buffer = malloc(self->buffer_capacity);    --------> may return a NULL pointer
                   memcpy(self->buffer + self->buffer_start, self->inline_buffer + self->buffer_start,
                                  self->buffer_end - self->buffer_start);
    } 
    ........
}

Description

Function: Parser_feed
File: cparser.c
Call-path: feed (Python) -> Parser_feed -> memcpy
WarningType: Invalid write. Our analysis tool reported a warning on potential write at an invalid address. As the buffer_capacity may depend on external inputs, hence it is possible that malloc-fail happens. Return value validation is necessary at this point.
Also seen in Details

The text was updated successfully, but these errors were encountered:

awen-li · 2021-05-31T19:34:51Z

Anyone can help confirm this issue? thanks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A risk of writing to an invalid address with memcpy in function Parser_feed #183

A risk of writing to an invalid address with memcpy in function Parser_feed #183

awen-li commented May 27, 2021

awen-li commented May 31, 2021

A risk of writing to an invalid address with memcpy in function Parser_feed #183

A risk of writing to an invalid address with memcpy in function Parser_feed #183

Comments

awen-li commented May 27, 2021

Code snippet

Description

awen-li commented May 31, 2021