[Spice-devel] [spice-gtk 2/5] controller: Avoid out of string bound accesses in test

Mon, 06 Jan 2014 03:26:11 -0800 

When computing the amount of data to send for static strings, the test
program is confusing sizeof() which returns the size of the string
including the trailing '\0' and strlen() which returns the size of the
string without the trailing '\0'.
This causes attempts to access one byte past the string.
This fixes this coverity warning:
Error: OVERRUN (CWE-119): [#def44]
spice-gtk-0.20/spice-gtk-0.20/gtk/controller/test.c:258:
overrun-buffer-arg: Overrunning array ""main,inputs,playback"" of 21 bytes
by passing it to a function which accesses it at byte offset 21 using
argument "22UL".
spice-gtk-0.20/spice-gtk-0.20/gtk/controller/test.c:101:5:
access_dbuff_in_call: Calling "memcpy(void * restrict, void const *
restrict, size_t)" indexes array "data" with index "data_size".
---
 gtk/controller/test.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/gtk/controller/test.c b/gtk/controller/test.c
index 289ffb8..dffc7af 100644
--- a/gtk/controller/test.c
+++ b/gtk/controller/test.c
@@ -254,15 +254,15 @@ int main (int argc, char *argv[])
     send_data (CONTROLLER_HOST, (uint8_t*)host, strlen(host) + 1);
     send_value (CONTROLLER_PORT, port);
     send_value (CONTROLLER_SPORT, SPORT);
-    send_data (CONTROLLER_PASSWORD, (uint8_t*)PWD, sizeof(PWD) + 1);
-    send_data (CONTROLLER_SECURE_CHANNELS, (uint8_t*)SECURE_CHANNELS, 
sizeof(SECURE_CHANNELS) + 1);
-    send_data (CONTROLLER_DISABLE_CHANNELS, (uint8_t*)DISABLED_CHANNELS, 
sizeof(DISABLED_CHANNELS) + 1);
+    send_data (CONTROLLER_PASSWORD, (uint8_t*)PWD, strlen(PWD) + 1);
+    send_data (CONTROLLER_SECURE_CHANNELS, (uint8_t*)SECURE_CHANNELS, 
strlen(SECURE_CHANNELS) + 1);
+    send_data (CONTROLLER_DISABLE_CHANNELS, (uint8_t*)DISABLED_CHANNELS, 
strlen(DISABLED_CHANNELS) + 1);
     send_data (CONTROLLER_TLS_CIPHERS, (uint8_t*)TLS_CIPHERS, 
sizeof(TLS_CIPHERS) + 1);
-    send_data (CONTROLLER_CA_FILE, (uint8_t*)CA_FILE, sizeof(CA_FILE) + 1);
-    send_data (CONTROLLER_HOST_SUBJECT, (uint8_t*)HOST_SUBJECT, 
sizeof(HOST_SUBJECT) + 1);
-    send_data (CONTROLLER_SET_TITLE, (uint8_t*)TITLE, sizeof(TITLE) + 1);
-    send_data (CONTROLLER_HOTKEYS, (uint8_t*)HOTKEYS, sizeof(HOTKEYS) + 1);
-    send_data (CONTROLLER_CREATE_MENU, (uint8_t*)MENU, sizeof(MENU));
+    send_data (CONTROLLER_CA_FILE, (uint8_t*)CA_FILE, strlen(CA_FILE) + 1);
+    send_data (CONTROLLER_HOST_SUBJECT, (uint8_t*)HOST_SUBJECT, 
strlen(HOST_SUBJECT) + 1);
+    send_data (CONTROLLER_SET_TITLE, (uint8_t*)TITLE, strlen(TITLE) + 1);
+    send_data (CONTROLLER_HOTKEYS, (uint8_t*)HOTKEYS, strlen(HOTKEYS) + 1);
+    send_data (CONTROLLER_CREATE_MENU, (uint8_t*)MENU, strlen(MENU));
 
     send_value (CONTROLLER_FULL_SCREEN, /*CONTROLLER_SET_FULL_SCREEN |*/ 
CONTROLLER_AUTO_DISPLAY_RES);
 
-- 
1.8.4.2

_______________________________________________
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel

Reply via email to