alpine 3.9
buffer weakness #44

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

libraw/src/LibRaw-0.19.2/libraw/libraw_datastream.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 buffer weakness.

   }

private:
  unsigned char *buf;
  size_t streampos, streamsize;
};

class DllDef LibRaw_bigfile_datastream : public LibRaw_abstract_datastream
{
public:
  LibRaw_bigfile_datastream(const char *fname);
#if defined(_WIN32) && !defined(__MINGW32__) && defined(_MSC_VER) && (_MSC_VER > 1310)
  LibRaw_bigfile_datastream(const wchar_t *fname);
#endif
  virtual ~LibRaw_bigfile_datastream();
  virtual int valid();
  virtual int jpeg_src(void *jpegdata);
  virtual void *make_jas_stream();

  virtual int read(void *ptr, size_t size, size_t nmemb);
  virtual int eof();
  virtual int seek(INT64 o, int whence);
  virtual INT64 tell();
  virtual INT64 size() { return _fsize; }
  virtual char *gets(char *str, int sz);
  virtual int scanf_one(const char *fmt, void *val);
  virtual const char *fname();
#if defined(_WIN32) && !defined(__MINGW32__) && defined(_MSC_VER) && (_MSC_VER > 1310)
  virtual const wchar_t *wfname();
  virtual int subfile_open(const wchar_t *fn);
#endif
  virtual int subfile_open(const char *fn);
  virtual void subfile_close();
  virtual int get_char()
  {
#if !defined(_WIN32) && !defined(__MINGW32__)
    return substream ? substream->get_char() : getc_unlocked(f);
#else
    return substream ? substream->get_char() : fgetc(f);
#endif
  }

protected:
  FILE *f, *sav;
  std::string filename;
  INT64 _fsize;
#ifdef WIN32
  std::wstring wfilename;
#endif
}; 
