terrelln
commented
6 years ago It looks like this particular strcpy() and strcat() are safe, but it certainly doesn't hurt to use the safer functions.
Closed RootUp closed 6 years ago
terrelln
commented
6 years ago It looks like this particular strcpy() and strcat() are safe, but it certainly doesn't hurt to use the safer functions.
Cyan4973
commented
6 years ago I suspect that the analysis tool generically complains about usage of strcat().
But in this case, input and output sizes are controlled beforehand.
We have the size of both inputs, the resulting output size is known, buffer is sized accordingly.
So I'm pretty sure the concatenation will fit. Hence it looks like a false positive.
That being said, I'm not opposed using another function, such as strncat(), which feels safer. It sounds good practice, although to be complete, we'll have to care about potential portability issues, which can be surprising sometimes.
(I don't remember here, but it could be that strcat() was preferred over strncat() due to portability difficulties. We'll have to check)
Cyan4973
commented
6 years ago Fixed by @edenzik
RootUp
commented
6 years ago Thank you very much for the fix, I just wonder is their any thanks file on repo, or can I get some mention for this bug, would be great if possible.
Cheers
Hi Team,
This issue was observed while performing source code analysis that : https://github.com/facebook/zstd/blob/dev/programs/fileio.c#L1023
Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Please have a look. (Whitehat Report #175277903183026)
Cheers!