alpine 3.9
buffer weakness #45

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:

libraw/src/LibRaw-0.19.2/libraw/libraw_datastream.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.9 buffer weakness.

 #define IOERROR()                                                                                                      \
  do                                                                                                                   \
  {                                                                                                                    \
    throw LIBRAW_EXCEPTION_IO_EOF;                                                                                     \
  } while (0)

class LibRaw_buffer_datastream;
class LibRaw_bit_buffer;

class DllDef LibRaw_abstract_datastream
{
public:
  LibRaw_abstract_datastream() { substream = 0; };
  virtual ~LibRaw_abstract_datastream(void)
  {
    if (substream)
      delete substream;
  }
  virtual int valid() = 0;
  virtual int read(void *, size_t, size_t) = 0;
  virtual int seek(INT64, int) = 0;
  virtual INT64 tell() = 0;
  virtual INT64 size() = 0;
  virtual int get_char() = 0;
  virtual char *gets(char *, int) = 0;
  virtual int scanf_one(const char *, void *) = 0;
  virtual int eof() = 0;
  virtual void *make_jas_stream() = 0;
  virtual int jpeg_src(void *) { return -1; }
  /* reimplement in subclass to use parallel access in xtrans_load_raw() if OpenMP is not used */
  virtual int lock() { return 1; } /* success */
  virtual void unlock() {}
  /* subfile parsing not implemented in base class */
  virtual const char *fname() { return NULL; };
#if defined(_WIN32) && !defined(__MINGW32__) && defined(_MSC_VER) && (_MSC_VER > 1310)
  virtual const wchar_t *wfname() { return NULL; };
  virtual int subfile_open(const wchar_t *) { return -1; }
#endif
  virtual int subfile_open(const char *) { return -1; }
  virtual void subfile_close() {}

  virtual int tempbuffer_open(void *, size_t);
  virtual void tempbuffer_close();

protected:
  LibRaw_abstract_datastream *substream;
};

#ifdef WIN32
template class DllDef std::auto_ptr<std::streambuf>; 
