Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Incomplete
Priority: Not Evaluated
Fix Version/s: None
Affects Version/s: 5.12.1
Component/s: Core: Other
Labels:
None

Description

Issue found by Veracode in: qchar.h: 86

Attack Vector: indeximp

Number of Modules Affected: 1

Description: The indeximp() function expects an unsigned integer for argument 0, but a signed integer was passed instead. The signed integer will be implicitly cast to an unsigned integer, converting negative values into positive ones. If an attacker can control the signed value, it may be possible to trigger a buffer overflow if the value specifies the length of a memory write.

Remediation: Do not rely on implicit casts between signed and unsigned values because the result can take on an unexpected value and violate weak assumptions made elsewhere in the program.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Thiago Macieira

Reporter:: Przemyslaw Hasek

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10 Mar '22 11:31

Updated:: 11 Mar '22 15:23

Resolved:: 10 Mar '22 16:50

Gerrit Reviews

There are no open Gerrit changes