Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Invalid
Priority: Not Evaluated
Fix Version/s: None
Affects Version/s: 5.12.1
Component/s: Core: Other
Labels:
None

Description

Bug found by Veracode in qflags.h: 68.

Attack Vector: set

Number of Modules Affected: 1

Description: This assignment creates a type mismatch by populating an signed variable with an unsigned value. The unsigned integer will be implicitly cast to a signed integer, converting large positive values into negative ones. If an attacker can control the unsigned value, it may be possible to cause a buffer underwrite, which could occur if the value is used as an index into a buffer or for pointer arithmetic.

Remediation: Do not rely on implicit casts between unsigned and signed values because the result can take on an unexpected value and violate weak assumptions made elsewhere in the program.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Thiago Macieira

Reporter:: Przemyslaw Hasek

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10 Mar '22 11:36

Updated:: 11 Mar '22 09:18

Resolved:: 10 Mar '22 16:52

Gerrit Reviews

There are no open Gerrit changes