TheAlgorithms / C

Collection of various algorithms in mathematics, machine learning, computer science, physics, etc implemented in C for educational purposes.
https://thealgorithms.github.io/C
GNU General Public License v3.0
19.02k stars 4.33k forks

[BUG] #1411

Open BugIdentifier opened 1 month ago

BugIdentifier commented 1 month ago

Description

Hi, certain potential security issues are found in this repository. Fixing them will remove certain security threats. They are listed below for reference:

Expected behavior

Insertion, deletion should work

Actual behavior

Memory overflow, null pointer dereference might occur

Possible fix

No response

Steps to reproduce

This is a security analysis using Clang.

Context

Analyzing and compiling bfs.c to bfs.o
g->edges = malloc(V * sizeof(int *));
^~~~~
bfs.c:121:12: warning: Potential leak of memory pointed to by 'Q' [unix.Malloc]
return false;
^~~~~
1 warnings generated.

Analyzing and compiling dfs.c to dfs.o
g->edges = malloc(V * sizeof(int *));
^~~~~
1 warning generated.
Compilation and analysis of dfs.c succeeded

Analyzing and compiling graph.c to graph.o
graph.c:29:25: warning: the computation of the size of the memory allocation may overflow [alpha.security.MallocOverflow]
g->edges = malloc(V * sizeof(int *));
^~~~~
1 warning generated.
Compilation and analysis of graph.c succeeded

Analyzing and compiling merge_sort.c to merge_sort.o
merge_sort.c:36:30: warning: the computation of the size of the memory allocation may overflow [alpha.security.MallocOverflow]
int *b = (int *)malloc(n * sizeof(int)); /* dynamic memory must be freed */
^~~
merge_sort.c:117:16: warning: Untrusted data is used to specify the buffer size (CERT/STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator) [alpha.security.taint.TaintPropagation]
a = (int *)malloc(n * sizeof(int));
^~~~~~~
merge_sort.c:117:25: warning: the computation of the size of the memory allocation may overflow [alpha.security.MallocOverflow]
a = (int *)malloc(n * sizeof(int));
^~~
3 warnings generated.

Analyzing and compiling queue.c to queue.o
queue.c:67:20: warning: Access to field 'next' results in a dereference of a null pointer (loaded from variable 'head') [core.NullDereference]
head->next = NULL;
1 warning generated.
Compilation and analysis of queue.c succeeded

Analyzing and compiling red_black_tree.c to red_black_tree.o
red_black_tree.c:26:1: warning: Potential leak of memory pointed to by 'create' [unix.Malloc]
}
^
1 warning generated.
Compilation and analysis of red_black_tree.c succeeded

Analyzing and compiling stack.c to stack.o
stack.c:37:35: warning: the computation of the size of the memory allocation may overflow [alpha.security.MallocOverflow]
array = malloc(sizeof(void *) * max);
~~~~~~~~~~~~~~~^~~~~
stack.c:55:20: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
*(tmp + i) = *(array + i);
^ ~~~~~~~~~~~~
2 warnings generated.

Additional information

These security errors are fatal.

github-actions[bot] commented 14 hours ago

This issue has been automatically marked as abandoned because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.