Parfait analysis of GNU sed 4.2.2
From: Rich Burridge
Subject: Parfait analysis of GNU sed 4.2.2
Date: Thu, 14 Feb 2013 10:10:48 -0800
User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Thunderbird/17.0

Hi,

I'm in the process of updating the version of GNU sed that's in
the Oracle Solaris O/S to 4.2.2. Part of this update requires
a security audit, including running the Parfait static code analysis
tool on the GNU sed code.

For more information on Parfait, see the paper:

http://labs.oracle.com/projects/downunder/publications/pepm09.pdf

Anyhoo, Parfait found the following error:

Error: Buffer overrun
Buffer overflow (CWE 120): In array dereference of
((char*)(word_limit + -1))[12] with index '-1+12'
Array size is 32000 bytes, -1+12 is -20
at line 257 of components/sed/sed-4.2.2/sed/fmt.c in function
'get_paragraph'.

Read outside array bounds (CWE 125): In array dereference of
((char*)(word_limit + -1))[12] with index '-1+12'
Array size is 32000 bytes, -1+12 is -20
at line 257 of components/sed/sed-4.2.2/sed/fmt.c in function
'get_paragraph'.

You might wish to review this and see if it is a real problem that
needs addressing (as opposed to a false positive).

Thanks.
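
One reading of the report's numbers, as an added example that is not code from sed or from the message above: if the 32000-byte array holds 32-byte elements and the accessed field sits at byte offset 12, then "-1+12 is -20" is the byte offset reached when word_limit still equals the array base. The `Word` layout, `MAXWORDS`, and both function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAXWORDS 1000   /* assumed: 32000 bytes / 32 bytes per element */

/* Hypothetical 32-byte element with a flag at byte offset 12 (not sed's struct). */
typedef struct {
    uint32_t text_off;  /* bytes 0..3 */
    uint32_t length;    /* bytes 4..7 */
    uint32_t space;     /* bytes 8..11 */
    uint8_t  final;     /* byte 12: the field the report points at */
    uint8_t  pad[19];   /* pad the element to 32 bytes */
} Word;

_Static_assert(sizeof(Word) == 32, "element size implied by the report");
_Static_assert(offsetof(Word, final) == 12, "field offset from the report");

static Word words[MAXWORDS];

/* Byte offset from the array base that word_limit[-1].final touches when
   nwords words have been collected. Integer arithmetic only, so the
   out-of-bounds pointer itself is never formed. */
static ptrdiff_t last_word_byte_offset(size_t nwords)
{
    return ((ptrdiff_t)nwords - 1) * (ptrdiff_t)sizeof(Word)
           + (ptrdiff_t)offsetof(Word, final);
}

/* Guarded form: mark the last collected word only if one exists. */
static bool mark_last_word(Word *base, Word *limit)
{
    if (limit <= base || limit > base + MAXWORDS)
        return false;   /* no words collected, or limit past the array */
    limit[-1].final = 1;
    return true;
}

int main(void)
{
    printf("0 words: offset %td\n", last_word_byte_offset(0));
    printf("1 word:  offset %td\n", last_word_byte_offset(1));
    printf("guard with 0 words: %d\n", mark_last_word(words, words));
    printf("guard with 3 words: %d\n", mark_last_word(words, words + 3));
    return 0;
}
```

Whether the finding is real or a false positive then comes down to whether any path reaches the flagged line with word_limit still at the start of the array.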