Hi Mark,

Thanks for finding this potential bug and for providing a fix. However, how
would you reply to the comment that is written right before the line you
mentioned (I am not the author):

    /* This doesn't have buffer overflow vulnerabilities, because
       we always allocate for enough space before appending. */

Thanks,
Antonio Ceballos


On Fri, Jun 30, 2017 at 2:20 PM, Mark Hermeling <mhermel...@grammatech.com>
wrote:

> Hello,
>
> There is a buffer overrun in return_append_str in src/frontend/lexpgn.cc
> at line
> 2224 newloc = (char *) malloc(strlen(s))+1;
>
> The line should read:
> newloc = (char *) malloc(strlen(s)+1);
>
> We found this using static analysis using CodeSonar. I don’t have an
> actual path that will demonstrate this bug.
>
> Regards,
> Mark
>
> —
> Mark Hermeling | *GrammaTech* | Senior Director Product Marketing
> mobile +1 (607) 351-5719 | www.grammatech.com
>
> _______________________________________________
> Bug-gnu-chess mailing list
> Bug-gnu-chess@gnu.org
> https://lists.gnu.org/mailman/listinfo/bug-gnu-chess
>
>
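An added illustration of the two readings of the reported line (example code written for this thread, not GNU Chess source or either poster's code). It wraps malloc() so that the byte count actually requested can be measured, and compares the allocation as reported, where the cast binds tighter than `+` and the `+1` therefore moves the returned pointer, against the corrected form. The struct, function names and the sample PGN text are constructed for the example; nothing is written through the undersized buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Records the size of the most recent allocation request so the two
   spellings of the line can be compared without dereferencing memory. */
static size_t last_request;

static void *tracking_malloc(size_t n)
{
    last_request = n;
    return malloc(n);
}

/* What the caller ends up holding after the allocation expression. */
struct alloc_result {
    size_t requested;  /* bytes actually passed to malloc()             */
    size_t offset;     /* distance of the returned pointer from block   */
    size_t usable;     /* bytes from that pointer to the end of block   */
    int fits;          /* 1 if strlen(s)+1 bytes (text plus NUL) fit    */
};

static struct alloc_result measure(char *block, size_t offset, size_t needed)
{
    struct alloc_result r;
    r.requested = last_request;
    r.offset = offset;
    r.usable = r.requested > offset ? r.requested - offset : 0;
    r.fits = r.usable >= needed;
    free(block);       /* free() must receive the pointer malloc() returned */
    return r;
}

/* The line as reported: malloc(strlen(s))+1. Only strlen(s) bytes are
   requested, and the +1 advances the pointer by one byte instead of
   enlarging the request, so the text plus its terminator cannot fit. */
struct alloc_result allocate_reported(const char *s)
{
    char *block = (char *) tracking_malloc(strlen(s));
    /* Equivalent to `newloc = (char *) malloc(strlen(s)) + 1;`, with the
       original block pointer kept so it can still be freed correctly. */
    char *newloc = block ? block + 1 : NULL;
    (void) newloc;     /* never written through: there is no room for s */
    return measure(block, 1, strlen(s) + 1);
}

/* The corrected line: malloc(strlen(s)+1). The +1 is part of the request,
   the pointer starts at the beginning of the block, and s plus NUL fits. */
struct alloc_result allocate_fixed(const char *s)
{
    char *newloc = (char *) tracking_malloc(strlen(s) + 1);
    return measure(newloc, 0, strlen(s) + 1);
}

/* The corrected allocation in use: copy s including its terminator into a
   fresh block; the caller frees the result. */
char *dup_with_room(const char *s)
{
    size_t need = strlen(s) + 1;
    char *newloc = (char *) malloc(need);
    if (newloc == NULL)
        return NULL;
    memcpy(newloc, s, need);
    return newloc;
}

/* Returns 1 when dup_with_room() produced an exact copy of s. */
int dup_roundtrip(const char *s)
{
    char *copy = dup_with_room(s);
    int ok = copy != NULL && strcmp(copy, s) == 0;
    free(copy);
    return ok;
}

int main(void)
{
    const char *s = "1. e4 e5";   /* constructed sample PGN text */
    struct alloc_result a = allocate_reported(s);
    struct alloc_result b = allocate_fixed(s);
    printf("reported: requested %zu, usable %zu, fits %d\n",
           a.requested, a.usable, a.fits);
    printf("fixed:    requested %zu, usable %zu, fits %d\n",
           b.requested, b.usable, b.fits);
    return 0;
}
```

For the eight-character sample the reported form requests 8 bytes and leaves 7 usable from the offset pointer, while 9 are needed; the corrected form requests and provides 9. The offset pointer would also be passed to free() later, which is a second defect the one-character fix removes.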