Text  |   XML   |   Visible Warnings:

Irssi : Irssi analysis 1 : Buffer Overrun  at write-buffer.c:88

Categories: LANG.MEM.BO CWE:120 CWE:121 CWE:122 CWE:126
Warning ID: 2101.2102
Procedure: write_buffer
Trace: View
Modified: Wed Sep 2 11:51:13 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /u1/paul/SATE/2010/c/irssi/irssi-0.8.14/src/core/log.c
   Enter log_write_timestamp
 61 static void log_write_timestamp(int handle, const char *format,
 62                                 const char *text, time_t stamp) 
 63 {
 64         struct tm *tm;
 65         char str[256];
 66  
 67         g_return_if_fail(format != NULL);
 68         if (*format == '\0') return;
 69  
 70         tm = localtime(&stamp);
 71         if (strftime(str, sizeof(str), format, tm) > 0)
true72                 write_buffer(handle, str, strlen(str));
     /u1/paul/SATE/2010/c/irssi/irssi-0.8.14/src/core/write-buffer.c
     Enter log_write_timestamp / write_buffer
bytes_after($param_2) < 204860   int write_buffer(int handle, const void *data, int size) 
 61   {
 62           BUFFER_REC *rec;
bytes_after(data) < 204863           const char *cdata = data;
 64           int next_size;
 65    
 66           if (write_buffer_max_blocks <= 0) {
 67                   /* no write buffer */ 
 68                   return write(handle, data, size);
 69           }
 70    
 71           if (size <= 0)
 72                   return size;
 73    
 74           rec = g_hash_table_lookup(buffers, GINT_TO_POINTER(handle));
 75           if (rec == NULL) {
 76                   rec = g_new0(BUFFER_REC, 1);
 77                   write_buffer_new_block(rec);
 78                   g_hash_table_insert(buffers, GINT_TO_POINTER(handle), rec);
 79           }
 80    
 81           while (size > 0) {
 82                   if (rec->active_block_pos == BUFFER_BLOCK_SIZE)
bytes_after(cdata) < 204883                           write_buffer_new_block(rec);
 84    
&$unknown_111816 > bytes_after(cdata)85                   next_size = size < BUFFER_BLOCK_SIZE-rec->active_block_pos ? 
&$unknown_111819 > bytes_after(cdata)86                           size : BUFFER_BLOCK_SIZE-rec->active_block_pos;
$param_3 > bytes_after($param_2)87                   memcpy(rec->active_block+rec->active_block_pos,
next_size > bytes_after(cdata)88                          cdata, next_size);     /* Buffer Overrun */
     Exit log_write_timestamp / write_buffer
Preconditions 
&$unknown_111830 >= 1
&$unknown_111831 >= 2048
&$unknown_111836 = 2048
*$param_2 != 0
strlen($param_2) != 0
empty_blocks = 0
write_buffer_max_blocks >= 1
Postconditions 
_g_boolean_var_' = 1
$unknown_111832' = &$unknown_111833
((char*)&$unknown_111832)[8]' = 0
block_count' = block_count + 1
cdata' = &str[0]
data' = &str[0]
format' = $param_2
handle' = $param_1
handle' = $param_1
next_size' = 2048
rec' = &$unknown_111832
size' = &$unknown_111831
stamp' = $param_4
str[0]' = $unknown_111835'
strlen(&str[0])' = &$unknown_111831
text' = $param_3
tm' = &tmbuf.tm_sec
tmbuf.tm_sec' = &$unknown_111829



Change Warning 2101.2102 : Buffer Overrun

Priority:
State:
Finding:
Owner:
Note: