njpaynemtu / rough-auditing-tool-for-security

Automatically exported from code.google.com/p/rough-auditing-tool-for-security
GNU General Public License v2.0

Segmentation fault when parse static buffer #7

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. write "static char gParseBuffer [MAX_SIZE];" in a file test.cpp
2. run rats -w3 --xml test.cpp 

What is the expected output? What do you see instead?
Expected to see the xml report of the Low warning: "fixed size global buffer". 
Got a segmentation fault just after <severity>Low</severity>

 $rats -w3 --xml test.cpp 
<?xml version="1.0"?><rats_output>
<stats>
<dbcount lang="perl">33</dbcount>
<dbcount lang="ruby">46</dbcount>
<dbcount lang="python">62</dbcount>
<dbcount lang="c">334</dbcount>
<dbcount lang="php">55</dbcount>
</stats>
<analyzed>test.cpp</analyzed>
<vulnerability>
  <severity>Low</severity>
Segmentation fault (core dumped)

What version of the product are you using? On what operating system?
RATS v2.3 on FreeBSD 10.0 amd64

If the report is exported to an xml file, this file ends unexpectedly. This 
causes trouble for other tools exploiting this report.

Original issue reported on code.google.com by cafedjia...@gmail.com on 23 Jan 2014 at 1:35
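
A consumer of the report can guard against the truncated file described above. This is an added example, not part of the original issue or the RATS project: `check_report` and `analyzed_before_failure` are hypothetical names, `TRUNCATED` is the output shown in the issue, and `COMPLETE` is constructed by closing the open tags by hand.

```python
import xml.etree.ElementTree as ET

# Report text as shown in the issue: output stops right after <severity>.
TRUNCATED = """<?xml version="1.0"?><rats_output>
<stats>
<dbcount lang="perl">33</dbcount>
<dbcount lang="ruby">46</dbcount>
<dbcount lang="python">62</dbcount>
<dbcount lang="c">334</dbcount>
<dbcount lang="php">55</dbcount>
</stats>
<analyzed>test.cpp</analyzed>
<vulnerability>
  <severity>Low</severity>
"""

# Constructed sample: the same text with the open elements closed by hand.
COMPLETE = TRUNCATED + "</vulnerability>\n</rats_output>\n"


def check_report(xml_text, returncode=0):
    """Return (ok, reason) for a scanner report before anything consumes it.

    returncode is the scanner's exit status as Python's subprocess reports it
    (negative means the process was killed by that signal number).
    """
    if returncode < 0:
        return False, f"scanner killed by signal {-returncode}"
    if returncode != 0:
        return False, f"scanner exited with status {returncode}"
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, f"report is not well-formed XML: {exc}"
    if root.tag != "rats_output":
        return False, f"unexpected root element <{root.tag}>"
    return True, "ok"


def analyzed_before_failure(xml_text):
    """List the <analyzed> entries that were fully written, even if the
    document is cut off; the last one is the file being scanned at the crash."""
    parser = ET.XMLPullParser(events=("end",))
    parser.feed(xml_text)  # not closed on purpose: tolerate the missing tail
    return [el.text for _, el in parser.read_events() if el.tag == "analyzed"]
```

Rejecting the report on either a signal exit or a parse error keeps a crashed scan from being read as a scan with few findings.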

GoogleCodeExporter commented 8 years ago
Tested with different syntax:
static char gParseBuffer [MAX_SIZE];
char gParseBuffer [MAX_SIZE];
char g [MAX_SIZE];
char g [1];
All segfault. But this works if enclosed by a function:
int main() { char g[1]; }
or just
{ char g[1]; }

Declaring a global array out of any block will cause rats to segfault.

Original comment by cafedjia...@gmail.com on 23 Jan 2014 at 1:50