alpine 3.9
buffer weakness #43

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

libraw/src/LibRaw-0.19.2/src/libraw_datastream.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 buffer weakness.

 #ifdef WIN32SECURECALLS
  return substream ? substream->seek(o, whence) : _fseeki64(f, o, whence);
#else
  return substream ? substream->seek(o, whence) : fseek(f, (long)o, whence);
#endif
#else
  return substream ? substream->seek(o, whence) : fseeko(f, o, whence);
#endif
}

INT64 LibRaw_bigfile_datastream::tell()
{
  LR_BF_CHK();
#if defined(WIN32)
#ifdef WIN32SECURECALLS
  return substream ? substream->tell() : _ftelli64(f);
#else
  return substream ? substream->tell() : ftell(f);
#endif
#else
  return substream ? substream->tell() : ftello(f);
#endif
}

char *LibRaw_bigfile_datastream::gets(char *str, int sz)
{
  LR_BF_CHK();
  return substream ? substream->gets(str, sz) : fgets(str, sz, f);
}

int LibRaw_bigfile_datastream::scanf_one(const char *fmt, void *val)
{
  LR_BF_CHK();
  return substream ? substream->scanf_one(fmt, val) :
#ifndef WIN32SECURECALLS
                   fscanf(f, fmt, val)
#else
                   fscanf_s(f, fmt, val)
#endif
      ;
}

const char *LibRaw_bigfile_datastream::fname() { return filename.size() > 0 ? filename.c_str() : NULL; }

int LibRaw_bigfile_datastream::subfile_open(const char *fn)
{
  if (sav)
    return EBUSY;
  sav = f;
#ifndef WIN32SECURECALLS 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.