alpine 3.9
buffer weakness #15

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

perl/src/perl-5.26.3/win32/win32.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 buffer weakness.

        unlike using HUGE_VAL/_HUGE which are data symbol imports from the CRT
       and therefore can not by folded by VC, an example of constant
       folding INF is creating -INF */
    return (DBL_MAX+DBL_MAX);
}
#pragma warning(pop)
#define NV_INF S_Infinity()

/* selectany allows duplicate and unused data symbols to be removed by
   VC linker, if this were static, each translation unit will have its own,
   usually unused __PL_nan_u, if this were plain extern it will cause link
   to fail due to multiple definitions, since we dont know if we are being
   compiled as static or DLL XS, selectany simply always works, the cost of
   importing __PL_nan_u across DLL boundaries in size in the importing DLL
   will be more than the 8 bytes it will take up being in each XS DLL if
   that DLL actually uses __PL_nan_u */
extern const __declspec(selectany) union { unsigned __int64 __q; double __d; }
__PL_nan_u = { 0x7FF8000000000000UI64 };
#define NV_NAN ((NV)__PL_nan_u.__d)

/* The CRT was rewritten in VS2015. */
#if _MSC_VER >= 1900

/* No longer declared in stdio.h */
char *gets(char* buffer);

#define tzname _tzname

/* From corecrt_internal_stdio.h: */
typedef struct
{
    union
    {
        FILE  _public_file;
        char* _ptr;
    };

    char*            _base;
    int              _cnt;
    long             _flags;
    long             _file;
    int              _charbuf;
    int              _bufsiz;
    char*            _tmpfname;
    CRITICAL_SECTION _lock;
} __crt_stdio_stream_data;

#define PERLIO_FILE_flag_RD 0x0001 /* _IOREAD   */
#define PERLIO_FILE_flag_WR 0x0002 /* _IOWRITE  */
#define PERLIO_FILE_flag_RW 0x0004 /* _IOUPDATE */ 
