Hi Mark,

Thanks for finding this potential bug and for providing a fix. However, how would you reply to the comment that is written right before the line you mentioned (I am not the author):

/* This doesn't have buffer overflow vulnerabilities, because we always allocate for enough space before appending. */

Thanks,
Antonio Ceballos

On Fri, Jun 30, 2017 at 2:20 PM, Mark Hermeling <mhermel...@grammatech.com> wrote:
> Hello,
>
> There is a buffer overrun in return_append_str in src/frontend/lexpgn.cc
> at line 2224:
>
>     newloc = (char *) malloc(strlen(s))+1;
>
> The line should read:
>
>     newloc = (char *) malloc(strlen(s)+1);
>
> We found this using static analysis using CodeSonar. I don't have an
> actual path that will demonstrate this bug.
>
> Regards,
> Mark
>
> —
> Mark Hermeling | *GrammaTech* | Senior Director Product Marketing
> mobile +1 (607) 351-5719 | www.grammatech.com
>
> _______________________________________________
> Bug-gnu-chess mailing list
> Bug-gnu-chess@gnu.org
> https://lists.gnu.org/mailman/listinfo/bug-gnu-chess
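The two expressions in the thread differ only in where the `+1` sits, and the effect is worth seeing in numbers. The block below is an added illustration, not GNU Chess code: `tracking_malloc`, `analyse_buggy_alloc` and `dup_with_nul` are constructed for this example. It evaluates the reported expression without performing the copy, so it can report how short the allocation is and whether the resulting pointer could even be passed to `free`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Tiny tracking allocator (constructed for this example) that records the
 * size and base address of the most recent allocation. */
static void  *last_base = NULL;
static size_t last_size = 0;

static void *tracking_malloc(size_t n)
{
    last_size = n;
    last_base = malloc(n);
    return last_base;
}

typedef struct {
    size_t requested;     /* bytes malloc was actually asked for */
    size_t overrun;       /* bytes a full copy of s would write past the block */
    int    free_ptr_ok;   /* 1 if newloc is the pointer malloc returned */
} alloc_report;

/* The cast binds tighter than +, so in `(char *) malloc(strlen(s))+1` the
 * +1 advances the returned pointer instead of enlarging the request. */
alloc_report analyse_buggy_alloc(const char *s)
{
    alloc_report r;
    char *newloc = (char *) tracking_malloc(strlen(s))+1;   /* as in the report */
    size_t needed = strlen(s) + 1;                          /* text plus NUL */
    uintptr_t copy_end  = (uintptr_t) newloc + needed;      /* end of a full copy */
    uintptr_t alloc_end = (uintptr_t) last_base + last_size;
    r.requested   = last_size;                              /* strlen(s): one short */
    r.overrun     = (size_t) (copy_end - alloc_end);        /* 1 from size, 1 from offset */
    r.free_ptr_ok = (newloc == (char *) last_base);         /* 0: free(newloc) is invalid */
    free(last_base);
    return r;
}

/* The corrected form: +1 inside the parentheses, pointer used as returned. */
char *dup_with_nul(const char *s)
{
    size_t len = strlen(s);
    char *newloc = (char *) malloc(len + 1);
    if (newloc == NULL)
        return NULL;
    memcpy(newloc, s, len + 1);   /* len bytes of text plus the terminating NUL */
    return newloc;
}
```

Building the original with AddressSanitizer or running it under Valgrind would flag both the write past the block and the mismatched `free`, which is the kind of dynamic confirmation the report says was not available.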