
Irssi : Irssi analysis 1 : Buffer Overrun  at network.c:441

Categories: LANG.MEM.BO CWE:120 CWE:121 CWE:122 CWE:126
Warning ID: 2088.2088
Similar Warnings: 2088.2089
Procedure: net_gethostbyname
Modified: Wed Sep 2 11:51:08 2009
 
Priority: None
State: None
Finding: None
Owner: None


   /u1/paul/SATE/2010/c/irssi/irssi-0.8.14/src/core/network.c
   Enter net_gethostbyname
 399 int net_gethostbyname(const char *addr, IPADDR *ip4, IPADDR *ip6) 
 400 {
 401 #ifdef HAVE_IPV6 
 402         union sockaddr_union *so;
 403         struct addrinfo hints, *ai, *ailist;
 404         int ret, count_v4, count_v6, use_v4, use_v6;
 405 #else 
 406         struct hostent *hp;
 407         int count; 
 408 #endif 
 409  
 410         g_return_val_if_fail(addr != NULL, -1);
 411  
 412         memset(ip4, 0, sizeof(IPADDR));
 413         memset(ip6, 0, sizeof(IPADDR));
 414  
 415 #ifdef HAVE_IPV6 
 416         memset(&hints, 0, sizeof(struct addrinfo));
 417         hints.ai_socktype = SOCK_STREAM;
 418  
 419         /* save error to host_error for later use */ 
true420         ret = getaddrinfo(addr, NULL, &hints, &ailist);   /* Leak (ID: 2087.2087) */
 421         if (ret != 0)
 422                 return ret;
 423  
 424         /* count IPs */ 
 425         count_v4 = count_v6 = 0;
 426         for (ai = ailist; ai != NULL; ai = ai->ai_next) {   /* Buffer Overrun (ID: 2088.2089) */
 427                 if (ai->ai_family == AF_INET)
 428                         count_v4++;
 429                 else if (ai->ai_family == AF_INET6)
 430                         count_v6++;
 431         }
 432  
 433         if (count_v4 == 0 && count_v6 == 0)
 434                 return HOST_NOT_FOUND; /* shouldn't happen? */ 
 435  
 436         /* if there are multiple addresses, return random one */ 
 437         use_v4 = count_v4 <= 1 ? 0 : rand() % count_v4;
 438         use_v6 = count_v6 <= 1 ? 0 : rand() % count_v6;
 439  
 440         count_v4 = count_v6 = 0;
bytes_after(ailist) < 48441         for (ai = ailist; ai != NULL; ai = ai->ai_next) {     /* Buffer Overrun */
 442                 so = (union sockaddr_union *) ai->ai_addr;
 443  
 444                 if (ai->ai_family == AF_INET) {
 445                         if (use_v4 == count_v4)
 446                                 sin_get_ip(so, ip4);
bytes_after(ai) < 48447                         count_v4++;
Preconditions
$param_1 >= 1
$heap_283 = 10
$input_12 >= 0
Postconditions
_g_boolean_var_' = 1
addr' = $param_1
ai' = &$heap_282
ailist' = &$heap_282
count_v4' = 1
count_v6' = 0
bytes_after(&$heap_282)' = 32
$heap_282' is allocated by malloc
$heap_282' is allocated
bytes_before(&$heap_282)' = 0
((char*)&$heap_282)[20]' = &$heap_285
((char*)&$heap_282)[24]' = &$heap_283
((char*)&$heap_282)[28]' = &$heap_284
((char*)&$heap_282)[4]' = 2
$heap_283' is allocated by malloc
$heap_283' is allocated
bytes_before(&$heap_283)' = 0
bytes_after(&$heap_284)' = 32
$heap_284' is allocated by malloc
$heap_284' is allocated
bytes_before(&$heap_284)' = 0
((char*)&$heap_284)[20]' = &$heap_285
((char*)&$heap_284)[24]' = &$heap_283
((char*)&$heap_284)[4]' = 2
$heap_285' = 2
bytes_after(&$heap_285)' = 16
$heap_285' is allocated by malloc
$heap_285' is allocated
bytes_before(&$heap_285)' = 0
hints.ai_flags' = 0
hints.ai_socktype' = 1
ip4' = $param_2
ip6' = $param_3
ret' = 0
so' = &$heap_283
use_v4' = 0





Because they are very similar, this warning shares annotations with warning 2088.2089.
