hidapi

"Untrusted allocation size" in tests

Open Youw opened this issue 2 years ago • 1 comments

Coverity issue CID1530056

Low impact - tests only.

CC: @JoergAtGithub

Youw, May 21 '23 08:05

hid_report_reconstructor_test.c:

 95                if (FirstByteOfLinkCollectionArray != 0 && NumberLinkCollectionNodes != 0) {
   	514. var_assign_var: Assigning: size_of_preparsed_data = 44ULL + FirstByteOfLinkCollectionArray + NumberLinkCollectionNodes * 16ULL. Both are now tainted.
 96                        size_t size_of_preparsed_data = offsetof(hidp_preparsed_data, caps) + FirstByteOfLinkCollectionArray + (NumberLinkCollectionNodes * sizeof(hid_pp_link_collection_node));
 97                        pp_data->FirstByteOfLinkCollectionArray = FirstByteOfLinkCollectionArray;
 98                        pp_data->NumberLinkCollectionNodes = NumberLinkCollectionNodes;
 99                        FirstByteOfLinkCollectionArray = 0;
100                        NumberLinkCollectionNodes = 0;
   	
CID 1530056 (#1-15 of 15): Untrusted allocation size (TAINTED_SCALAR)
515. tainted_data: Passing tainted expression size_of_preparsed_data to malloc, which uses it as an allocation size.
   	Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
101                        pp_data = malloc(size_of_preparsed_data);
102                        memcpy(pp_data, &static_pp_data, sizeof(static_pp_data));
103                }

Youw, May 21 '23 08:05
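One way to apply the range check Coverity asks for before the `malloc` at line 101, as an added example that is not hidapi's code or the fix adopted for this issue. The helper names, the macro names and the `0xFFFF` upper bounds are assumptions; 44 and 16 are the constants from the event text.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* From the Coverity event text: offsetof(hidp_preparsed_data, caps) is 44 and
 * sizeof(hid_pp_link_collection_node) is 16 on the analysed build. */
#define PP_HDR_SIZE        44u
#define PP_NODE_SIZE       16u
/* Assumed upper bounds for a test fixture; these limits are NOT from hidapi. */
#define PP_MAX_FIRST_BYTE  0xFFFFu
#define PP_MAX_LINK_NODES  0xFFFFu

/* Range-check both tainted inputs, then compute the allocation size. min_size is
 * the byte count the caller copies in (sizeof(static_pp_data) in the excerpt).
 * Returns 0 and writes *out on success, -1 if a value is out of range. */
static int pp_checked_size(unsigned long long first_byte,
        unsigned long long node_count, size_t min_size, size_t *out)
{
    if (first_byte > PP_MAX_FIRST_BYTE || node_count > PP_MAX_LINK_NODES)
        return -1;
    /* Both operands are bounded above, so this sum cannot wrap. */
    unsigned long long total = PP_HDR_SIZE + first_byte + node_count * PP_NODE_SIZE;
    if (total < min_size)
        return -1; /* buffer would be smaller than the copy that follows */
    *out = (size_t)total;
    return 0;
}

/* Allocate and seed the buffer only after validation; NULL on rejection or OOM. */
static void *pp_alloc_copy(const void *seed, size_t seed_size,
        unsigned long long first_byte, unsigned long long node_count)
{
    size_t size;
    if (pp_checked_size(first_byte, node_count, seed_size, &size) != 0)
        return NULL;
    void *buf = calloc(1, size);
    if (buf != NULL)
        memcpy(buf, seed, seed_size);
    return buf;
}

int main(void)
{
    unsigned char seed[44] = {0}; /* constructed stand-in for static_pp_data */
    void *ok = pp_alloc_copy(seed, sizeof seed, 100, 2);         /* accepted */
    void *bad = pp_alloc_copy(seed, sizeof seed, 1ULL << 40, 2); /* rejected */
    int rc = (ok != NULL && bad == NULL) ? 0 : 1;
    free(ok);
    return rc;
}
```

The `min_size` check covers the `memcpy` at line 102 of the excerpt, which copies `sizeof(static_pp_data)` bytes into a buffer whose size comes from the tainted values.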