Text   |  XML   |  ReML   |   Visible Warnings:

Integer Overflow of Allocation Size  at squat-uidlist.c:132

No properties have been set. | edit properties
Jump to warning location ↓ warning details...
Show Events | Options

uidlist_write_array

(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/fts-squat/squat-uidlist.c)expand/collapse
Show more  
 111  uidlist_write_array(struct ostream *output, const uint32_t *uid_list,
 112                      unsigned int uid_count, uint32_t packed_flags,
 113                      uint32_t offset, bool write_size, uint32_t *size_r)
 114  {
 115          uint8_t *uidbuf, *bufp, sizebuf[SQUAT_PACK_MAX_SIZE], *sizebufp;
 116          uint8_t listbuf[SQUAT_PACK_MAX_SIZE], *listbufp = listbuf;
 117          uint32_t uid, uid2, prev, base_uid, size_value;
 118          unsigned int i, bitmask_len, uid_list_len;
 119          unsigned int idx, max_idx, mask;
 120          bool datastack;
 121          int num;
 122   
 123          if ((packed_flags & UIDLIST_PACKED_FLAG_BEGINS_WITH_POINTER) != 0)
 124                  squat_pack_num(&listbufp, offset);
 125   
 126          /* @UNSAFE */
 127          base_uid = uid_list[0] & ~UID_LIST_MASK_RANGE;
 128          datastack = uid_count < 1024*8/SQUAT_PACK_MAX_SIZE;
 129          if (datastack)
 130                  uidbuf = t_malloc(SQUAT_PACK_MAX_SIZE * uid_count);
 131          else 
 132[+]                 uidbuf = i_malloc(SQUAT_PACK_MAX_SIZE * uid_count);
expand/collapse

i_malloc

(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/imem.c)expand/collapse
Show more  
 7  void *i_malloc(size_t size)
 8  {
 9      void *rv = malloc(size);
Show more  
Show more  




Change Warning 11949.24591 : Integer Overflow of Allocation Size

Priority:
State:
Finding:
Owner:
Note: