The following issue was found by the Coverity static analysis tool.
Error: STRING_OVERFLOW (CWE-120): [#def53]
gd-2.0.35/annotate.c:42: cond_false: Condition "argc != 3", taking false branch
gd-2.0.35/annotate.c:60: if_end: End of if statement
gd-2.0.35/annotate.c:64: cond_false: Condition "!in", taking false branch
gd-2.0.35/annotate.c:68: if_end: End of if statement
gd-2.0.35/annotate.c:75: cond_false: Condition "!im", taking false branch
gd-2.0.35/annotate.c:79: if_end: End of if statement
gd-2.0.35/annotate.c:80: cond_true: Condition "fgets(s, 1024 /* sizeof (s) */, stdin)", taking true branch
gd-2.0.35/annotate.c:85: cond_false: Condition "!st", taking false branch
gd-2.0.35/annotate.c:89: if_end: End of if statement
gd-2.0.35/annotate.c:90: cond_true: Condition "!__coverity_strcmp(st, "font")", taking true branch
gd-2.0.35/annotate.c:93: cond_false: Condition "!st", taking false branch
gd-2.0.35/annotate.c:96: if_end: End of if statement
gd-2.0.35/annotate.c:97: fixed_size_dest: You might overrun the 1024 byte fixed-size string "font" by copying "st" without checking the length.
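--- a/gd-2.0.35/annotate.c
+++ b/gd-2.0.35/annotate.c
@@ -94,6 +94,10 @@ main (int argc, char *argv[])
 {
 goto badLine;
 }
+ if (strlen(st) >= sizeof(font) - 1)
+ {
+ goto badLine;
+ }
 strcpy (font, st);
 }
 else if (!strcmp (st, "align"))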
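Review bot: The bound in the added guard is one stricter than the copy requires: `strlen(st) >= sizeof(font) - 1` also rejects a name of exactly `sizeof(font) - 1` characters, which `strcpy` would store with its terminating NUL still inside the buffer. The exact condition is `if (strlen(st) >= sizeof(font))`. The stricter form errs on the safe side, so this is a precision point, not a hole. The check is only meaningful while `font` is a true array (the Coverity trace describes it as a 1024-byte fixed-size string); if it ever became a pointer, `sizeof(font)` would silently shrink to the pointer size, so a comment such as `/* font is a fixed-size array: reject names that do not fit with the terminating NUL */` above the guard would help. The declaration of `font` and the rest of `main` lie outside the hunk, so whether other `strcpy` destinations in this parser need the same guard should be checked against the full file.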