
Potential Errors untrusted-data-to-external-api Related to CWE-20

Open Close-Recover opened this issue 1 year ago • 0 comments

Dear developers,

When we use CodeQL (GitHub's own static code analysis tool) to analyze the project, it has reported some errors from code that may cause breakdown. And we found that these potential errors tend to exist in the project for a relatively long time. In this issue we will provide the errors from a single file, third_party/rtklib/novatel.c, including their names, locations and analysis steps (code data flow). Hopefully they will get your attention, and we look forward to further communication.

System information

  • OS Platform and Distribution: Linux Ubuntu 18.04
  • Apollo installed from: source
  • Apollo version: 9.0, but some appears in much earlier version like 3.0
  • Output of apollo.sh config if on master branch: no output can be given because the analysis was run just after standard installation

Steps to reproduce the issue:

  • Prepare everything by following the guidance of official docs before running './apollo.sh build'
  • Then use CodeQL create database command to establish database and set '--command = './apollo.sh build'', it looks like: codeql database create new-database --language=<language> --command='./scripts/build.sh'
  • Please note that the process needs a clean build and may take a long time to finish. Using clean command and parallelization techniques based on your hardware environment may help you make it faster

Supporting materials (screenshots, command lines, code/script snippets):

  • Because of the limit of GitHub, we cannot attach the original file directly. You can contact us by email to obtain it: [email protected]
  • Here is the information on the errors that were reported as the most important. They focus on untrusted data flowing to an external API, which is related to CWE-20. The <number:number> pattern marks the specific location of code in the code file (e.g. in "fread output argument novatel.c 2001:13", 'fread output argument' is the code and '2001:13' is the detailed location) and helps you trace the code data flow in the program:

Call to floor with untrusted data from string read by fread: fread output argument novatel.c 2001:13 *raw [post update] [buff] novatel.c 2001:13 *raw [buff] novatel.c 2004:3 *raw [buff] novatel.c 2006:8 *raw [buff] novatel.c 2014:3 *raw [buff] novatel.c 2017:22 *raw [buff] novatel.c 1794:31 *raw [buff] novatel.c 1813:3 *raw [buff] novatel.c 1824:31 *raw [buff] novatel.c 459:36 *raw [buff] novatel.c 485:22 *... + ... novatel.c 485:22 ... + ... novatel.c 537:33

Call to fabs with untrusted data from string read by fread: fread output argument novatel.c 2001:13 *raw [post update] [buff] novatel.c 2001:13 *raw [buff] novatel.c 2004:3 *raw [buff] novatel.c 2006:8 *raw [buff] novatel.c 2014:3 *raw [buff] novatel.c 2017:22 *raw [buff] novatel.c 1794:31 *raw [buff] novatel.c 1812:12 *... + ... novatel.c 1812:12 tow novatel.c 1813:31 sec rtkcmn.c 1591:43 ... = ... rtkcmn.c 1598:3 *t [post update] [sec] rtkcmn.c 1598:3 *gpst2time [sec] rtkcmn.c 1591:16 call to gpst2time [sec] novatel.c 1813:15 ... = ... [sec] novatel.c 1813:3 *raw [post update] [time, sec] novatel.c 1813:3 *raw [time, sec] novatel.c 1824:31 *raw [time, sec] novatel.c 459:36 *raw [time, sec] novatel.c 563:46 time [sec] novatel.c 563:51 t2 [sec] rtkcmn.c 1701:44 *t2 [sec] rtkcmn.c 1702:48 *timediff rtkcmn.c 1701:15 call to timediff novatel.c 563:14

Call to fabs with untrusted data from string read by fread: fread output argument novatel.c 2001:13 *raw [post update] [buff] novatel.c 2001:13 *raw [buff] novatel.c 2004:3 *raw [buff] novatel.c 2006:8 *raw [buff] novatel.c 2014:3 *raw [buff] novatel.c 2017:22 *raw [buff] novatel.c 1794:31 *raw [buff] novatel.c 1812:12 *... + ... novatel.c 1812:12 tow novatel.c 1813:31 sec rtkcmn.c 1591:43 ... = ... rtkcmn.c 1598:3 *t [post update] [sec] rtkcmn.c 1598:3 *gpst2time [sec] rtkcmn.c 1591:16 call to gpst2time [sec] novatel.c 1813:15 ... = ... [sec] novatel.c 1813:3 *raw [post update] [time, sec] novatel.c 1813:3 *raw [time, sec] novatel.c 1826:28 *raw [time, sec] novatel.c 587:33 *raw [time, sec] novatel.c 683:46 time [sec] novatel.c 683:51 t2 [sec] rtkcmn.c 1701:44 *t2 [sec] rtkcmn.c 1702:48 *timediff rtkcmn.c 1701:15 call to timediff novatel.c 683:14

Call to floor with untrusted data from string read by fread: fread output argument novatel.c 2001:13 *raw [post update] [buff] novatel.c 2001:13 *raw [buff] novatel.c 2004:3 *raw [buff] novatel.c 2006:8 *raw [buff] novatel.c 2014:3 *raw [buff] novatel.c 2017:22 *raw [buff] novatel.c 1794:31 *raw [buff] novatel.c 1813:3 *raw [buff] novatel.c 1836:35 *raw [buff] novatel.c 800:40 *raw [buff] novatel.c 801:22 *... + ... novatel.c 801:22 *... + ... novatel.c 829:18 ... + ... novatel.c 829:15

Call to fabs with untrusted data from string read by fread: fread output argument novatel.c 2039:13 *raw [post update] [buff] novatel.c 2039:13 *raw [buff] novatel.c 2042:3 *raw [buff] novatel.c 2044:8 *raw [buff] novatel.c 2052:3 *raw [buff] novatel.c 2055:22 *raw [buff] novatel.c 1863:31 *raw [buff] novatel.c 1878:26 *raw [buff] novatel.c 1528:31 *raw [buff] novatel.c 1529:22 *... + ... novatel.c 1529:22 *... + ... novatel.c 1552:12 *p novatel.c 172:33 *R8 novatel.c 172:15 call to R8 novatel.c 1552:9 tow novatel.c 1554:31 sec rtkcmn.c 1591:43 ... = ... rtkcmn.c 1598:3 *t [post update] [sec] rtkcmn.c 1598:3 *gpst2time [sec] rtkcmn.c 1591:16 call to gpst2time [sec] novatel.c 1554:15 ... = ... [sec] novatel.c 1554:3 *raw [post update] [time, sec] novatel.c 1554:3 *raw [time, sec] novatel.c 1589:46 time [sec] novatel.c 1589:51 t2 [sec] rtkcmn.c 1701:44 *t2 [sec] rtkcmn.c 1702:48 *timediff rtkcmn.c 1701:15 call to timediff novatel.c 1589:14

Call to floor with untrusted data from string read by fread: fread output argument novatel.c 2039:13 *raw [post update] [buff] novatel.c 2039:13 *raw [buff] novatel.c 2042:3 *raw [buff] novatel.c 2044:8 *raw [buff] novatel.c 2052:3 *raw [buff] novatel.c 2055:22 *raw [buff] novatel.c 1863:31 *raw [buff] novatel.c 1880:26 *raw [buff] novatel.c 1607:31 *raw [buff] novatel.c 1609:22 *... + ... novatel.c 1609:22 *... + ... novatel.c 1647:15 ... + ... novatel.c 1663:23

Call to fabs with untrusted data from string read by fread: fread output argument novatel.c 2039:13 *raw [post update] [buff] novatel.c 2039:13 *raw [buff] novatel.c 2042:3 *raw [buff] novatel.c 2044:8 *raw [buff] novatel.c 2052:3 *raw [buff] novatel.c 2055:22 *raw [buff] novatel.c 1863:31 *raw [buff] novatel.c 1880:26 *raw [buff] novatel.c 1607:31 *raw [buff] novatel.c 1609:22 *... + ... novatel.c 1609:22 *... + ... novatel.c 1636:12 tow novatel.c 1637:31 sec rtkcmn.c 1591:43 ... = ... rtkcmn.c 1598:3 *t [post update] [sec] rtkcmn.c 1598:3 *gpst2time [sec] rtkcmn.c 1591:16 call to gpst2time [sec] novatel.c 1637:15 ... = ... [sec] novatel.c 1637:3 *raw [post update] [time, sec] novatel.c 1637:3 *raw [time, sec] novatel.c 1678:46 time [sec] novatel.c 1678:51 t2 [sec] rtkcmn.c 1701:44 *t2 [sec] rtkcmn.c 1702:48 *timediff rtkcmn.c 1701:15 call to timediff novatel.c 1678:14

Call to fread with untrusted data from string read by fread: fread output argument novatel.c 2001:13 *raw [post update] [buff] novatel.c 2001:13 *raw [buff] novatel.c 2004:3 *raw [buff] novatel.c 2006:22 *... + ... novatel.c 2006:22 ... = ... novatel.c 2006:8 *raw [post update] [len] novatel.c 2006:8 *raw [len] novatel.c 2011:29 ... - ... novatel.c 2011:29

Call to fread with untrusted data from string read by fread: fread output argument novatel.c 2039:13 *raw [post update] [buff] novatel.c 2039:13 *raw [buff] novatel.c 2042:3 *raw [buff] novatel.c 2044:22 *... + ... novatel.c 2044:22 *p novatel.c 157:39 *U4 novatel.c 157:21 (int)... novatel.c 2044:19 ... = ... novatel.c 2044:8 *raw [post update] [len] novatel.c 2044:8 *raw [len] novatel.c 2049:32 ... - ... novatel.c 2049:32

Close-Recover, Mar 06 '24 11:03
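The last two findings above describe the pattern CodeQL is most concerned about: a length field read by fread is used, unchecked, to compute how many more bytes to fread. The following is an added example written for this issue, not code from Apollo or rtklib, showing that pattern beside a bounds-checked reader. The record layout (a 4-byte little-endian length followed by the payload), the function names naive_remaining, checked_remaining, read_record and parse_bytes, and the sample byte strings are all constructed for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed record layout for this example (not the NovAtel format):
 * 4-byte little-endian total length, then (length - 4) payload bytes.
 * The length is untrusted: it comes from the same stream as the payload. */
#define HDR_LEN 4u

/* The pattern the static analyzer flags: a length taken straight from the
 * stream is used without validation to size the next fread.  If len < HDR_LEN
 * the unsigned subtraction wraps to a huge value; if len exceeds the buffer,
 * the fread that follows writes past the end of it. */
size_t naive_remaining(uint32_t len) {
    return (size_t)len - HDR_LEN;
}

/* Hardened form: check the untrusted length against the buffer capacity
 * before it is used for anything.  Returns -1 when it is out of range. */
long checked_remaining(uint32_t len, size_t cap) {
    if (len < HDR_LEN || len > cap) return -1;
    return (long)(len - HDR_LEN);
}

/* Read one record from fp into buf (capacity cap).  Returns 0 on success,
 * -1 on a short header, -2 when the length is rejected (before any second
 * fread happens), -3 when the payload is truncated. */
int read_record(FILE *fp, unsigned char *buf, size_t cap, size_t *out_len) {
    if (cap < HDR_LEN) return -2;
    if (fread(buf, 1, HDR_LEN, fp) != HDR_LEN) return -1;
    uint32_t len = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                   ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    long rem = checked_remaining(len, cap);
    if (rem < 0) return -2;
    if (fread(buf + HDR_LEN, 1, (size_t)rem, fp) != (size_t)rem) return -3;
    *out_len = (size_t)len;
    return 0;
}

/* Helper: push constructed bytes through a real FILE* (tmpfile) so the
 * reader is exercised with fread exactly as it would be on a device stream. */
int parse_bytes(const unsigned char *data, size_t n,
                unsigned char *buf, size_t cap, size_t *out_len) {
    FILE *fp = tmpfile();
    if (!fp) return -4;
    if (fwrite(data, 1, n, fp) != n) { fclose(fp); return -4; }
    rewind(fp);
    int rc = read_record(fp, buf, cap, out_len);
    fclose(fp);
    return rc;
}

int main(void) {
    unsigned char buf[64];
    size_t n = 0;
    /* Constructed sample records. */
    const unsigned char good[]  = {0x08, 0, 0, 0, 'A', 'B', 'C', 'D'};
    const unsigned char big[]   = {0xFF, 0xFF, 0, 0, 1, 2, 3};
    const unsigned char small[] = {0x02, 0, 0, 0};
    const unsigned char trunc[] = {0x10, 0, 0, 0, 1, 2};
    printf("good : rc=%d len=%zu\n", parse_bytes(good, sizeof good, buf, sizeof buf, &n), n);
    printf("big  : rc=%d\n", parse_bytes(big, sizeof big, buf, sizeof buf, &n));
    printf("small: rc=%d (naive remaining would be %zu)\n",
           parse_bytes(small, sizeof small, buf, sizeof buf, &n), naive_remaining(2));
    printf("trunc: rc=%d\n", parse_bytes(trunc, sizeof trunc, buf, sizeof buf, &n));
    return 0;
}
```

The point of the checked version is that the only decision made on the untrusted length is whether it fits the buffer the caller actually owns; nothing derived from it (the remaining count, later array indexing, the values handed to floor or fabs) is computed until that check has passed.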