
A risk of writing to an invalid address with memcpy in function Parser_feed

Open · awen-li opened this issue 3 years ago · 1 comment

Code snippet

Parser_feed(Parser* self, PyObject *args)
{
     ........
     if((size_t)data_len > self->buffer_capacity - (self->buffer_end - self->buffer_start)) {
            self->buffer_capacity = MAX(self->buffer_capacity * 2, self->buffer_end - self->buffer_start + data_len);
            if(self->buffer == self->inline_buffer) {
                   self->buffer = malloc(self->buffer_capacity);    /* --------> may return a NULL pointer */
                   memcpy(self->buffer + self->buffer_start, self->inline_buffer + self->buffer_start,
                                  self->buffer_end - self->buffer_start);  /* unchecked: writes through NULL + buffer_start on failure */
            }
     }
     ........
}

Description

Function: Parser_feed
File: cparser.c
Call-path: feed (Python) -> Parser_feed -> memcpy
WarningType: Invalid write

Our analysis tool reported a warning on a potential write at an invalid address. As buffer_capacity may depend on external inputs, it is possible that malloc fails. Return value validation is necessary at this point. Also seen in Details

awen-li · May 27 '21 06:05
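The hardened form of the growth step, as an added, self-contained C example that is not japronto's own code: a cut-down Parser with an inline buffer, a feed routine that validates the malloc/realloc result before the memcpy, and a hypothetical switch (simulate_malloc_failure) so the error path can be exercised. Apart from the field names quoted in the snippet above, every name here is an assumption; in the real extension the -1 return would map to PyErr_NoMemory().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define INLINE_CAPACITY 16
#define MAX(a, b) ((a) > (b) ? (a) : (b))

/* Constructed stand-in for japronto's Parser: a small inline buffer that spills to the heap. */
typedef struct {
    char inline_buffer[INLINE_CAPACITY];
    char *buffer;
    size_t buffer_start;
    size_t buffer_end;
    size_t buffer_capacity;
} Parser;

/* Hypothetical fault-injection hook so the allocation-failure path can be tested offline. */
static int simulate_malloc_failure = 0;

static void *checked_malloc(size_t n) {
    if (simulate_malloc_failure) { errno = ENOMEM; return NULL; }
    return malloc(n);
}

static void *checked_realloc(void *ptr, size_t n) {
    if (simulate_malloc_failure) { errno = ENOMEM; return NULL; }
    return realloc(ptr, n);
}

void parser_init(Parser *p) {
    p->buffer = p->inline_buffer;
    p->buffer_start = 0;
    p->buffer_end = 0;
    p->buffer_capacity = INLINE_CAPACITY;
}

void parser_free(Parser *p) {
    if (p->buffer != p->inline_buffer) free(p->buffer);
    p->buffer = p->inline_buffer;
}

/* Same growth logic as the snippet in the issue, with the allocation result checked.
   Returns 0 on success and -1 on allocation failure, leaving the parser unchanged:
   buffer_capacity is only updated once the new block exists. */
int parser_feed(Parser *self, const char *data, size_t data_len) {
    size_t used = self->buffer_end - self->buffer_start;
    if (data_len > self->buffer_capacity - used) {
        size_t new_capacity = MAX(self->buffer_capacity * 2, used + data_len);
        char *new_buffer;
        if (self->buffer == self->inline_buffer) {
            new_buffer = checked_malloc(new_capacity);
            if (new_buffer == NULL) return -1;            /* the check the issue asks for */
            memcpy(new_buffer + self->buffer_start,
                   self->inline_buffer + self->buffer_start, used);
        } else {
            new_buffer = checked_realloc(self->buffer, new_capacity);
            if (new_buffer == NULL) return -1;            /* old buffer is still valid here */
        }
        self->buffer = new_buffer;
        self->buffer_capacity = new_capacity;
    }
    memcpy(self->buffer + self->buffer_end, data, data_len);
    self->buffer_end += data_len;
    return 0;
}

/* Scenario 1: 20 bytes into a 16-byte inline buffer forces a heap grow.
   Returns the capacity after the grow (32) or -1 on any inconsistency. */
long demo_grow_succeeds(void) {
    Parser p; parser_init(&p);
    if (parser_feed(&p, "0123456789", 10) != 0 || p.buffer != p.inline_buffer) return -1;
    if (parser_feed(&p, "abcdefghij", 10) != 0 || p.buffer == p.inline_buffer) return -1;
    if (memcmp(p.buffer, "0123456789abcdefghij", 20) != 0) return -1;
    long cap = (long)p.buffer_capacity;
    parser_free(&p);
    return cap;
}

/* Scenario 2: the same feed with malloc failing. Returns 1 when the failure is
   reported and the parser is left intact (inline buffer, capacity 16, 10 bytes buffered). */
int demo_malloc_failure_is_reported(void) {
    Parser p; parser_init(&p);
    if (parser_feed(&p, "0123456789", 10) != 0) return 0;
    simulate_malloc_failure = 1;
    int rc = parser_feed(&p, "abcdefghij", 10);
    simulate_malloc_failure = 0;
    int ok = rc == -1 && p.buffer == p.inline_buffer
          && p.buffer_capacity == INLINE_CAPACITY && p.buffer_end == 10;
    parser_free(&p);
    return ok;
}

int main(void) {
    printf("grow capacity: %ld\n", demo_grow_succeeds());
    printf("failure reported: %d\n", demo_malloc_failure_is_reported());
    return 0;
}
```

The ordering matters as much as the NULL check: the snippet in the issue assigns self->buffer_capacity before calling malloc, so a failed allocation would leave the parser claiming a capacity it does not have even if the memcpy were guarded. Updating buffer and buffer_capacity together, after the allocation succeeds, keeps the struct consistent for whatever the caller does next.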

Can anyone help confirm this issue? Thanks.

awen-li · May 31 '21 19:05