Server_start_rec_internal(Server *self, char *filename)
{
.................
Server_debug(self, "Recording filename path = %s\n", filename); ----> filename comes from external module, the length is indeterminate
if (! (self->recfile = sf_open(filename, SFM_WRITE, &self->recinfo)))
{
Server_error(self, "Not able to open output file %s.\n", filename); ----> filename comes from external module, the length is indeterminate
Server_debug(self, "%s\n", sf_strerror(self->recfile));
return -1;
}
.................
}
Server_debug(Server *self, char * format, ...)
{
if (self->verbosity & 8)
{
char buffer[256];
va_list args;
va_start (args, format);
vsprintf (buffer, format, args); -----> Variable parameters may lead to write overflow in buffer
va_end (args);
PySys_WriteStdout("Pyo debug: %s", buffer);
}
}
Description
Function: Server_debug
File: servermodule.c
Call-path: recstart (Python) -> Server_start_rec -> Server_start_rec_internal -> Server_debug
WarningType: Write-overflow. Our analysis tool reported a warning at vsprintf in Server_debug. As buffer is a fixed size stack variable, when the debug mode is open, vsprintf may cause write overflow with no boundary check especially when the inputs depended on external modules (e.g., Python).
Also seen in Details
Code snippet
Description
Function: Server_debug File: servermodule.c Call-path: recstart (Python) -> Server_start_rec -> Server_start_rec_internal -> Server_debug WarningType: Write-overflow. Our analysis tool reported a warning at vsprintf in Server_debug. As buffer is a fixed size stack variable, when the debug mode is open, vsprintf may cause write overflow with no boundary check especially when the inputs depended on external modules (e.g., Python). Also seen in Details