potential integer overflow in 32bit system · Issue #32 · 4ti2/4ti2 · GitHub
potential integer overflow in 32bit system #32
Open
@kangwoosukeq

Description


Hi, there are potential integer overflow vulnerabilities that can affect 32-bit systems.

In src/util/output.c:59, the program reads the value of numOfVars from the input file and calls createVector.

```c
fscanf(in,"%d",numOfVars);

if (numOfVectors==0) return (0);

b=createVector(*numOfVars);
```

Since there is no range check in createVector, it may cause an integer overflow and a small buffer allocation, which leads to buggy behavior.

```c
vector createVector(int numOfVars) {
  vector w;

  /* numOfVars comes straight from the input file; neither numOfVars+1
     nor sizeof(int)*(numOfVars+1) is checked for overflow */
  w = (vector)malloc(sizeof(int)*(numOfVars+1));
  if (w==0) {
    printf("Could not allocate memory in function createVector.\n");
    printf("Please report this problem.\n");
    exit(0);
  }
  return (w);
}
```

Similar issues can happen in

```c
labels = (char **)malloc(sizeof(char*)*(numOfVars));
```

```c
labels = (char **)malloc(sizeof(char*)*(numOfVars));
```

Thank you.
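To illustrate the wraparound the report describes and a bounds-checked replacement for the createVector / labels allocation pattern, here is an added example (not code from 4ti2 or from the reporter). `unchecked_size_32` simulates the `sizeof(int)*(numOfVars+1)` computation with a 32-bit `size_t` using `uint32_t` arithmetic, and `createVectorChecked` is a hypothetical hardened variant that rejects counts whose byte size would not fit; the helper `vector_size_fits` takes the platform's maximum size as a parameter so the 32-bit case can be checked on any host.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

typedef int *vector;

/* Simulation of the original size expression on a 32-bit size_t:
   numOfVars+1 and the multiplication both wrap modulo 2^32, so a
   large count such as 0x3FFFFFFF yields a 0-byte request. */
uint32_t unchecked_size_32(int numOfVars) {
    uint32_t elems = (uint32_t)numOfVars + 1u;
    return (uint32_t)sizeof(int) * elems;
}

/* Returns 1 when sizeof(int)*(numOfVars+1) can be represented in a
   size_t whose maximum value is size_max, 0 otherwise. size_max is
   a parameter only so the 32-bit case can be tested on a 64-bit host;
   real code would pass SIZE_MAX. */
int vector_size_fits(int numOfVars, size_t size_max) {
    if (numOfVars < 0) return 0;                 /* negative count from fscanf */
    size_t elems = (size_t)numOfVars + 1;        /* safe: numOfVars <= INT_MAX */
    return elems <= size_max / sizeof(int);      /* product would not wrap */
}

/* Hardened variant (hypothetical, not the project's code): validates
   the count and returns NULL instead of exiting so callers can report
   the bad input. calloc additionally checks the product itself. */
vector createVectorChecked(int numOfVars) {
    if (!vector_size_fits(numOfVars, SIZE_MAX)) return NULL;
    return (vector)calloc((size_t)numOfVars + 1, sizeof(int));
}
```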
