bug-gnu-chess

Re: Bug in return_append_str


From: Antonio Ceballos
Subject: Re: Bug in return_append_str
Date: Mon, 3 Jul 2017 00:14:06 +0200

Hi Mark,

Thanks for finding this potential bug and for providing a fix. However, how would you reply to the comment that is written right before the line you mentioned (I am not the author):

    /* This doesn't have buffer overflow vulnerabilities, because
       we always allocate for enough space before appending. */

Thanks,
Antonio Ceballos


On Fri, Jun 30, 2017 at 2:20 PM, Mark Hermeling <address@hidden> wrote:
Hello,

There is a buffer overrun in return_append_str in src/frontend/lexpgn.cc at line 2224:

    newloc = (char *) malloc(strlen(s))+1;

The line should read:

    newloc = (char *) malloc(strlen(s)+1);

We found this using static analysis using CodeSonar. I don’t have an actual path that will demonstrate this bug.

Regards,
Mark

Mark Hermeling | GrammaTech | Senior Director Product Marketing
mobile +1 (607) 351-5719 | www.grammatech.com
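As an added illustration (not GNU Chess's code, and not part of either message above), the following constructed C makes the two readings of the reported line measurable: malloc(strlen(s))+1 parses as (malloc(strlen(s))) + 1, so the call requests one byte too few and the +1 then moves the pointer, while the fixed malloc(strlen(s)+1) reserves the terminator. The helpers dup_fixed, append_copy and buggy_shortfall_bytes are hypothetical names chosen for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example, not GNU Chess's own return_append_str. It shows the
 * allocation rule the quoted comment relies on (reserve every byte the copy
 * will write, terminator included) and makes the reported misplaced
 * parenthesis measurable instead of triggering it. */

/* Bytes a NUL-terminated copy of s occupies. */
size_t bytes_copied(const char *s) { return strlen(s) + 1; }

/* Fixed form of the reported line: malloc(strlen(s)+1). The +1 is part of
 * the size argument, so the block holds the terminator and the returned
 * pointer is the one malloc() handed back, which free() accepts. */
char *dup_fixed(const char *s) {
    size_t n = bytes_copied(s);
    char *newloc = (char *) malloc(n);
    if (newloc == NULL) return NULL;
    memcpy(newloc, s, n);            /* n bytes into an n-byte block */
    return newloc;
}

/* The "allocate enough before appending" rule applied to an append: the
 * result needs strlen(a) + strlen(b) + 1 bytes, computed before any write. */
char *append_copy(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    char *out = (char *) malloc(la + lb + 1);
    if (out == NULL) return NULL;
    memcpy(out, a, la);
    memcpy(out + la, b, lb + 1);     /* copies b's terminator as well */
    return out;
}

/* Buggy form: malloc(strlen(s))+1 parses as (malloc(strlen(s))) + 1. The
 * call requests only strlen(s) bytes; the +1 then moves the pointer one
 * byte into that block, so the usable space behind newloc is strlen(s)-1
 * while strcpy(newloc, s) writes strlen(s)+1. Returns the shortfall in
 * bytes without performing the copy. A second defect follows from the same
 * parse: free(newloc) would pass a pointer malloc() never returned. */
size_t buggy_shortfall_bytes(const char *s) {
    size_t requested = strlen(s);                   /* what malloc() actually receives */
    size_t usable = requested ? requested - 1 : 0;  /* block minus the skipped byte */
    return bytes_copied(s) - usable;                /* 2 for any non-empty s */
}
```

The shortfall is two bytes for every non-empty input, which is why the static analyser flags the line even though the adjacent comment claims enough space is always allocated.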

_______________________________________________
Bug-gnu-chess mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/bug-gnu-chess