RVD#3270: CWE-120 (buffer), Does not check for buffer overflows (CWE-120)... @ ander/mag_calibration.cpp:803

[rvd-bot]

id: 3270
title: 'RVD#3270: CWE-120 (buffer), Does not check for buffer overflows (CWE-120)...
  @ ander/mag_calibration.cpp:803'
type: bug
description: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf,
  or vsnprintf. . Happening @ ...ander/mag_calibration.cpp:803
cwe:
- CWE-120
cve: None
keywords:
- flawfinder
- flawfinder_level_4
- static analysis
- testing
- triage
- CWE-120
- bug
- 'version: v1.7.0'
- 'robot component: PX4'
- components software
system: ./Firmware/src/modules/commander/mag_calibration.cpp:803:11
vendor: null
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/3270
flaw:
  phase: testing
  specificity: subject-specific
  architectural-location: application-specific
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: 2020-06-29 (21:08)
  detected-by: Alias Robotics
  detected-by-method: testing static
  date-reported: 2020-06-29 (21:08)
  reported-by: Alias Robotics
  reported-by-relationship: automatic
  issue: https://github.com/aliasrobotics/RVD/issues/3270
  reproducibility: always
  trace: (context) \t\t\t\t(void)sprintf(str, %s%u, MAG_BASE_DEVICE_PATH, cur_mag);
  reproduction: See artifacts below (if available)
  reproduction-image: gitlab.com/aliasrobotics/offensive/alurity/pipelines/active/pipeline_px4/-/jobs/616402716/artifacts/download
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: Use sprintf_s, snprintf, or vsnprintf
  pull-request: ''
  date-mitigation: ''