Text  |   XML   |   Visible Warnings:

irssi-0.8.14 : irssi-0.8.14 analysis 2 : Buffer Overrun  at write-buffer.c:88

Categories: LANG.MEM.BO CWE:120 CWE:121 CWE:122 CWE:126
Warning ID: 5249.28248
Procedure: write_buffer
Trace: view
Modified: Thu Nov 26 11:08:18 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /kat0/fletcher/SATE/2010/irssi-0.8.14/src/core/log.c
   Enter log_write_timestamp
 61 static void log_write_timestamp(int handle, const char *format,
 62                                 const char *text, time_t stamp) 
 63 {
 64         struct tm *tm;
 65         char str[256];
 66  
 67         g_return_if_fail(format != NULL);
 68         if (*format == '\0') return;
 69  
 70         tm = localtime(&stamp);
 71         if (strftime(str, sizeof(str), format, tm) > 0)
true72                 write_buffer(handle, str, strlen(str));
     /kat0/fletcher/SATE/2010/irssi-0.8.14/src/core/write-buffer.c
     Enter log_write_timestamp / write_buffer
 60   int write_buffer(int handle, const void *data, int size) 
 61   {
 62           BUFFER_REC *rec;
bytes_after(data) < 204863           const char *cdata = data;
 64           int next_size;
 65    
 66           if (write_buffer_max_blocks <= 0) {
 67                   /* no write buffer */ 
 68                   return write(handle, data, size);
 69           }
 70    
 71           if (size <= 0)
 72                   return size;
 73    
 74           rec = g_hash_table_lookup(buffers, GINT_TO_POINTER(handle));
 75           if (rec == NULL) {
 76                   rec = g_new0(BUFFER_REC, 1);
 77                   write_buffer_new_block(rec);
 78                   g_hash_table_insert(buffers, GINT_TO_POINTER(handle), rec);
 79           }
 80    
 81           while (size > 0) {
 82                   if (rec->active_block_pos == BUFFER_BLOCK_SIZE)
bytes_after(cdata) < 204883                           write_buffer_new_block(rec);
 84    
&$unknown_65705 > bytes_after(cdata)85                   next_size = size < BUFFER_BLOCK_SIZE-rec->active_block_pos ? 
&$unknown_65708 > bytes_after(cdata)86                           size : BUFFER_BLOCK_SIZE-rec->active_block_pos;
size > bytes_after(data)87                   memcpy(rec->active_block+rec->active_block_pos,
next_size > bytes_after(cdata)88                          cdata, next_size);     /* Buffer Overrun */
     Exit log_write_timestamp / write_buffer
Preconditions 
&$unknown_65718 >= 1
&$unknown_65719 >= 2048
*data != 0
strlen(data) != 0
write_buffer_max_blocks >= 1
Postconditions 
_g_boolean_var_' = 1
$unknown_65720' = empty_blocks->data
((char*)&$unknown_65720)[4]' = 0
block_count' = block_count + 1
cdata' = &str[0]
data' = &str[0]
handle' = handle
next_size' = 2048
rec' = &$unknown_65720
size' = &$unknown_65719
str[0]' = $unknown_65722'
strlen(&str[0])' = &$unknown_65719
tm' = &tmbuf.tm_sec
tmbuf.tm_sec' = &$unknown_65717



Change Warning 5249.28248 : Buffer Overrun

Priority:
State:
Finding:
Owner:
Note: