CodeSonar : irssi-0.8.14 : Buffer Overrun

irssi-0.8.14 : irssi-0.8.14 analysis 2 : Buffer Overrun at misc.c:917

Categories:	LANG.MEM.BO CWE:120 CWE:121 CWE:122 CWE:126
Warning ID:	7321.28415
Procedure:	parse_size
Trace:	view
Modified:	Thu Nov 26 11:09:32 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/irssi-0.8.14/src/fe-common/core/fe-settings.c

			Enter cmd_set

static void cmd_set(char *data)

{

GHashTable *optlist;

100

char *key, *value;

101

void *free_arg;

102

int clear, set_default;

103

SETTINGS_REC *rec;

104

105

if (!cmd_get_params(data, &free_arg, 2 | PARAM_FLAG_GETREST | PARAM_FLAG_OPTIONS,

106

"set", &optlist, &key, &value ))

107

return;

108

109

clear = g_hash_table_lookup(optlist, "clear") != NULL;

110

set_default = g_hash_table_lookup(optlist, "default") != NULL;

111

112

if (*key == '\0')

113

clear = set_default = FALSE;

114

115

if (!(clear || set_default || *value != '\0'))

116

set_print_pattern(key );

117

else {

118

rec = settings_get_record(key );

119

if (rec != NULL) {

120

/* change the setting */

121

switch (rec->type) {

122

case SETTING_TYPE_BOOLEAN:

123

if (clear)

124

settings_set_bool(key, FALSE );

125

else if (set_default)

126

settings_set_bool(key, rec->default_value.v_bool );

127

else

128

set_boolean(key, value );

129

break;

130

case SETTING_TYPE_INT:

131

if (clear)

...

145

set_default ? rec->default_value.v_string : value ))

146

printformat (NULL , NULL , MSGLEVEL_CLIENTERROR ,

break;

case SETTING_TYPE_LEVEL:

150

if (!settings_set_level(key, clear ? "" :

151

set_default ? rec->default_value.v_string : value ))

152

printformat (NULL , NULL , MSGLEVEL_CLIENTERROR ,

break;

case SETTING_TYPE_SIZE:

true

156

if (!settings_set_size(key, clear ? "0" :

bytes_after($temp54) < 3

157

set_default ? rec->default_value.v_string : value ))

					/kat0/fletcher/SATE/2010/irssi-0.8.14/src/core/settings.c

					Enter cmd_set / settings_set_size

	368				int settings_set_size(const char key, const char value)
	369				{
	370				int size;
	371

bytes_after(value) < 3

372

if (!parse_size(value, &size ))

							/kat0/fletcher/SATE/2010/irssi-0.8.14/src/core/misc.c

							Enter cmd_set / settings_set_size / parse_size

896

int parse_size(const char *size, int *bytes)

{

const char *desc;

int number, len;

*bytes = 0;

/* max. return value is about 1.6 years */

904

number = 0;

905

while (*size != '\0') {

906

if (i_isdigit(*size)) {

907

number = number*10 + (*size - '0');

size++;

continue;

}

/* skip punctuation */

913

while (*size != '\0' && i_ispunct(*size))

bytes_after(size) < 3

914

size++;

915

916

/* get description */

917

for (len = 0, desc = size; i_isalpha(*size); size++) /* Buffer Overrun */

bytes_after(size) < 2

918

len++;

							Exit cmd_set / settings_set_size / parse_size

					Exit cmd_set / settings_set_size

Preconditions

size != 0
&$unknown_523844 != 0
&$unknown_523847 != 0
&$unknown_523848 != 0
$unknown_523845 != 0
strlen(&$unknown_523845) != 0
((char*)&$unknown_523846)[16] = 5

Postconditions

bytes' = &size
clear' = 1
desc' = &#string8[0] + 1
key' = &$unknown_523845
key' = &$unknown_523845
len' = 1
number' = 0
optlist' = &$unknown_523843
rec' = &$unknown_523846
set_default' = 0
size' = &#string8[0] + 2
size' = 0
value' = &#string8[0]

Change Warning 7321.28415 : Buffer Overrun

Priority:
State:
Finding:
Owner:
Note: