On 05/14/2015 01:47 PM, Held, Douglas wrote:
>
> A team of mine wants to use SQLCipher so I scanned it with Fortify SCA.
> SQLCipher includes sqlite3.c version 3.8.8.3. The software has reported a
> Buffer Overflow (off-by-one) in the following C code:
>
> In sqlite3.c, it says the overflow can
> a || p->nSrc==0 );
> 96491: for(i=p->nSrc-1; i>0; i--){
> 96492: p->a[i].jointype = p->a[i-1].jointype;
> 96493: }
> 96494: p->a[0].jointype = 0;
> 96495: }
> 96496: }
> The declaration of this buffer 'a' is on line 11973:
> 11946: struct SrcList {
> 11947: int nSrc;/* Number of table
C allows declaration of arrays at the end of structures. If the structure
is allocated with a known additional space, then this is not an issue.
Likely the index will be greater than 1... so the issue would be that it
would appear to overflow anyway.
However, various C compilers have various issue
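
[Added example, not part of either message and not SQLite code: the "allocated with additional space" pattern the reply describes, written with a C99 flexible array member instead of a sized trailing array, plus the quoted shift loop guarded by the allocated count. The names Item, List, nAlloc, list_new and shift_jointype are hypothetical.]

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not SQLite's own definitions. */
struct Item { int jointype; };
struct List {
    int nSrc;          /* entries in use */
    int nAlloc;        /* entries actually allocated for a[] */
    struct Item a[];   /* C99 flexible array member, sized at allocation */
};

/* Allocate the header plus n trailing entries, rejecting sizes that
 * would wrap the size_t arithmetic. */
struct List *list_new(int n) {
    if (n < 1) return NULL;
    if ((size_t)n > (SIZE_MAX - sizeof(struct List)) / sizeof(struct Item))
        return NULL;
    struct List *p = calloc(1, sizeof *p + (size_t)n * sizeof p->a[0]);
    if (p) p->nAlloc = n;
    return p;
}

/* Same shift as the loop quoted above, but every index is first proven
 * to lie inside the allocation: 0 <= nSrc <= nAlloc and nAlloc >= 1. */
int shift_jointype(struct List *p) {
    if (!p || p->nAlloc < 1 || p->nSrc < 0 || p->nSrc > p->nAlloc)
        return -1;
    for (int i = p->nSrc - 1; i > 0; i--)
        p->a[i].jointype = p->a[i - 1].jointype;
    p->a[0].jointype = 0;
    return 0;
}

int main(void) {
    struct List *p = list_new(3);
    if (!p) return 1;
    p->nSrc = 3;
    for (int i = 0; i < 3; i++) p->a[i].jointype = 10 + i;  /* constructed */
    int rc = shift_jointype(p);   /* a[] becomes {0, 10, 11} */
    free(p);
    return rc == 0 ? 0 : 1;
}
```

Recording the allocated count next to the in-use count is what lets the loop's bound be checked at run time; a static analyzer that only sees the declared array size has no such information.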