[UE] Out-of-bounds access (ck.c)
Added by kavargyr about 2 years ago
Hello,
lighttpd version 1.4.64
A Coverity check tool reports an Out-of-bounds access (OVERRUN) in ck.c (line 241):
overrun-buffer-arg: Overrunning buffer pointed to by errstr of 1024 bytes by passing it to a function which accesses it at byte offset 9223372036854775806 using argument errlen + 1UL (which evaluates to 9223372036854775807).
Is this indeed an issue?
Thank you.
BR, kk
Replies (2)
RE: Out-of-bounds access (ck.c) - Added by gstrauss about 2 years ago
> Is this indeed an issue?

No. The strerror_r() result is a '\0'-terminated string.
Running a script and having no idea how to begin to interpret the results makes you look foolish when you post about it.
lighttpd developers use a number of static analysis tools, including Coverity Scan. Static analysis tools can be useful to point you to places to look in code to double-check, but static analysis tools are not perfect and can have false positives (and false negatives). I will delete any further posts you make that are cut-n-paste from a static analysis tool and are lacking any analysis from you. I am not going to waste my time explaining static analysis tool output to you.