celix-commits mailing list archives

From "Daniel Parker (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (CELIX-171) malloc() buffer overflows
Date Wed, 07 Jan 2015 22:40:36 GMT

     [ https://issues.apache.org/jira/browse/CELIX-171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Parker closed CELIX-171.
-------------------------------

> malloc() buffer overflows
> -------------------------
>
>                 Key: CELIX-171
>                 URL: https://issues.apache.org/jira/browse/CELIX-171
>             Project: Celix
>          Issue Type: Bug
>          Components: Framework, Remote Service Admin
>            Reporter: Daniel Parker
>
> framework/private/src/filter.c::filter_parseValue() initializes a local string by calling strdup("") rather than actually allocating enough memory to store the resulting string.
> framework/private/src/filter.c::filter_parseSubstring() uses strlen() to determine how much memory to allocate, but the actual worst case size is the length of the string plus one for the trailing '\0'.
> remote_services/discovery/private/src/discovery_activator.c::bundleActivator_start() sets 'scope[len] = 0', which is one character past the end of the allocated memory.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
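
The sizing rules behind the three findings above, as an added example that is not part of the original message and is not Celix code. The function names copy_prefix and parse_value, the escape handling and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Celix code): copy the first len bytes of src.
 * len + 1 bytes are allocated, so out[len] is the last valid index. */
char *copy_prefix(const char *src, size_t len) {
    size_t avail = strlen(src);
    if (len > avail) len = avail;        /* never read past the source */
    char *out = malloc(len + 1);         /* +1 for the trailing '\0' */
    if (out == NULL) return NULL;
    memcpy(out, src, len);
    out[len] = '\0';
    return out;
}

/* Hypothetical parser (not Celix code): read a value up to an unescaped ')',
 * resolving backslash escapes. The output is never longer than the input, so
 * strlen(in) + 1 is a safe bound; strdup("") would give a 1-byte buffer. */
char *parse_value(const char *in, size_t *consumed) {
    char *out = malloc(strlen(in) + 1);
    if (out == NULL) return NULL;
    size_t i = 0, n = 0;
    while (in[i] != '\0' && in[i] != ')') {
        if (in[i] == '\\') {
            i++;                         /* skip the escape character */
            if (in[i] == '\0') break;    /* dangling escape at end of input */
        }
        out[n++] = in[i++];              /* n <= i <= strlen(in) always holds */
    }
    out[n] = '\0';
    if (consumed != NULL) *consumed = i;
    return out;
}

int main(void) {
    size_t used = 0;
    char *v = parse_value("a\\)b)rest", &used);  /* constructed input */
    char *s = copy_prefix("scope=local", 5);     /* constructed input */
    if (v != NULL && s != NULL) printf("%s %zu %s\n", v, used, s);
    free(v);
    free(s);
    return 0;
}
```

Building this with -fsanitize=address and replacing either allocation with the undersized form from the report makes the out-of-bounds write show up as a heap-buffer-overflow at the offending line.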
