Details
- Bug
- Resolution: Incomplete
- Not Evaluated
- None
- 5.12.1
- None
Description
Issue found by Veracode in: qchar.h: 86
Attack Vector: indeximp
Number of Modules Affected: 1
Description: The indeximp() function expects an unsigned integer for argument 0, but a signed integer was passed instead. The signed integer will be implicitly cast to an unsigned integer, converting negative values into positive ones. If an attacker can control the signed value, it may be possible to trigger a buffer overflow if the value specifies the length of a memory write.
Remediation: Do not rely on implicit casts between signed and unsigned values because the result can take on an unexpected value and violate weak assumptions made elsewhere in the program.