[
https://issues.apache.org/jira/browse/TRAFODION-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16329822#comment-16329822
]
ASF GitHub Bot commented on TRAFODION-2891:
-------------------------------------------
Github user DaveBirdsall commented on a diff in the pull request:
https://github.com/apache/trafodion/pull/1394#discussion_r162226893
--- Diff: core/conn/odb/src/odb.c ---
@@ -5313,7 +5313,7 @@ static void etabadd(char type, char *run, int id)
}
}
if ( etab[no].type == 'e' ) { /* name & create output file
*/
- for ( i = j = 0; etab[no].tgt[i] && i < sizeof(buff);
i++ ) {
+ for ( i = j = 0; i < sizeof(buff) && etab[no].tgt[i];
i++ ) {
--- End diff --
I tried to make sense of this too. It looks like etab[no].tgt is populated
in function parseopt from some string buffer; I can't tell if it is buff (which
is a static variable declared as a char[256]) or something else. My suspicion
is that the test "i < sizeof(buff)" has nothing to do with etab[no].tgt but
rather some other buffer being copied to. In any case, reversing the order of
these tests seems harmless.
> fix the bufoverrun Critical error checked by TScanCode
> ------------------------------------------------------
>
> Key: TRAFODION-2891
> URL: https://issues.apache.org/jira/browse/TRAFODION-2891
> Project: Apache Trafodion
> Issue Type: Bug
> Reporter: xiaozhong.wang
> Priority: Major
> Attachments: Critical_trafodion_tscancode_codecheck.xml
>
>
> access the buffer over run, if the buffer is at end of memory, will be make a
> core dump
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
