alpine 3.7
buffer weakness #42

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what a buffer overflow is, attacks against this class of vulnerability remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

audacity/src/audacity-Audacity-2.1.1/lib-src/libnyquist/nyquist/cmt/userio.h

Context:

The highlighted line of code below (the definition that maps `ggets` to `gets`) is the trigger point of this particular Alpine 3.7 buffer weakness.

void    clean_exit(void);   /* exit the program after cleaning up */
void    io_init(void);      /* overall initialization */
void    abort_check(void);  /* exit if aborted */

int check_aborted(void);        /* looks to see if user typed ctrl-C */

int     askbool(char *prompt, int deflt);
FILE    *fileopen(char *deflt, char *extension, char *mode, char *prompt);
void    readln(FILE *fp);
void gflush(void);
int gputchar(int c);
int ggetchar();
char *ggets(char *str);
boolean ascii_input(char *c);
void unget_ascii(char c);
boolean check_ascii(void);

#ifdef MACINTOSH
boolean get_file_info(char *filename, OSType *file_type, OSType *file_creator);
boolean put_file_info(char *filename, OSType file_type, OSType file_creator);
#endif

#ifdef DONT_USE_CMT_IO
#define ggetchar        getchar
#define ggets           gets
#define gprintf         fprintf
#define gputchar        putchar
#define gprintf fprintf
#define gputchar putchar
#endif

#ifdef MICROSOFT
void c_break(int sig);
#endif
