Public bug reported:
I am using the libfcgi-2.4.0 armhf version in my application, which is available
here: https://packages.ubuntu.com/trusty/armhf/libfcgi-dev
We run Coverity Scan on code and we have found the following defects:
1. File os_unix.c
   line 295 and 398
   defect : Copy into fixed size buffer. The string operation will write past the end of the fixed-size destination buffer if the source buffer is too large. You might overrun the 1024-character fixed-size string host by copying bindPath without checking the length

2. File fcgiapp.c
   line 600
   defect : Out-of-bounds access. Access of memory not owned by this buffer may cause crashes or incorrect computations. Overrunning buffer pointed to by charPtrArg of 7 bytes by passing it to a function which accesses it at byte offset 999998 using argument precision (which evaluates to 999999).

3. File fcgiapp.c
   line 1471
   defect : Dereference null return value. If the function actually returns a null value, a null pointer dereference will occur. Dereferencing strchr(name, 61), which is known to be NULL.

4. File fcgio.cpp
   line 157 and 165
   defect : Operands don't affect result. The expression's value does not depend on the operands; often, this represents an inadvertent logic error. result_independent_of_operands: n > 2147483647 is always false regardless of the values of its operands. This occurs as the logical operand of if

Please let me know if these issues will be getting fixed in coming
versions.
** Affects: libfcgi (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1780018
Title:
Defects found in static analysis
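
The two coding patterns behind defects 1 and 3 in the report, shown in their checked form as an added illustration. This is not libfcgi's code and not part of the original report; the function names, return conventions and sample inputs are assumptions, and only the 1024-byte host buffer, bindPath and strchr(name, '=') come from the Coverity messages.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define HOST_LEN 1024   /* size of the fixed "host" buffer named in defect 1 */

/* Defect 1 pattern: copy bindPath into a fixed-size buffer only if it fits.
 * Returns 0 on success, -1 if bindPath is NULL or too long (NUL included). */
int copy_bind_path(char host[HOST_LEN], const char *bindPath)
{
    size_t len;
    if (bindPath == NULL)
        return -1;
    len = strlen(bindPath);
    if (len >= HOST_LEN)
        return -1;                    /* reject instead of overrunning host */
    memcpy(host, bindPath, len + 1);  /* len + 1 copies the terminator too */
    return 0;
}

/* Defect 3 pattern: strchr() returns NULL when the entry has no '=' (61),
 * so the result is checked before it is used. Returns a pointer to the
 * value part and stores the key length, or returns NULL on bad input. */
const char *split_name_value(const char *entry, size_t *name_len)
{
    const char *eq;
    if (entry == NULL || name_len == NULL)
        return NULL;
    eq = strchr(entry, '=');
    if (eq == NULL)
        return NULL;                  /* no '=': nothing to dereference */
    *name_len = (size_t)(eq - entry);
    return eq + 1;
}

int main(void)
{
    char host[HOST_LEN];
    size_t n = 0;
    /* Constructed sample inputs */
    const char *v = split_name_value("SCRIPT_NAME=/app", &n);
    printf("copy ok: %d\n", copy_bind_path(host, "/tmp/fcgi.sock") == 0);
    printf("value: %s, key length: %zu\n", v ? v : "(none)", n);
    printf("missing '=': %s\n",
           split_name_value("SCRIPT_NAME", &n) ? "parsed" : "rejected");
    return 0;
}
```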