Alpine 3.9
Buffer weakness #19


Weakness Breakdown


Buffer overflows are one of the best-known classes of software vulnerability. Even though most developers know what a buffer overflow is, attacks against them remain common in both legacy and newer applications. A classic stack buffer overflow begins with the attacker sending a program more data than the fixed-size stack buffer it is stored in can hold, so the excess overwrites adjacent memory such as local variables and the saved return address. Besides stack buffer overflows, other kinds include heap overflows, off-by-one errors and many others. Learn more about buffer overflows in the OWASP attack index.

Warning code(s):

Easily used incorrectly: the size argument of strncat() is the maximum number of bytes that may be appended, not the size of the destination buffer, and strncat() always writes one more byte (the terminating NUL) after what it copies. Passing the total buffer size to a buffer that already holds data therefore overflows it; the bound must be the remaining room.

File Name:



The code below contains the trigger point of this particular Alpine 3.9 buffer weakness. The original highlighting is not preserved in this text; the warning concerns the strncat() calls, which are bounded by STR_BUF_SIZE-1.


        if (overwrite && (pngcrush_mode == EXTENSION_MODE ||
            pngcrush_mode == DIRECTORY_MODE ||
            pngcrush_mode == DIREX_MODE))
        {
            if (overwrite > 0)
               P1( "Ignoring \"-ow\"; cannot use it with \"-d\" or \"-e\"");
        }

        /*
         * FIXME:  need same input-validation fixes (as above) here, too
         * FIXME:  what was the point of setting in_string and out_string in
         *         DIREX_MODE above if going to do all over again here?
         */
        if (pngcrush_mode == EXTENSION_MODE || pngcrush_mode == DIREX_MODE)
        {
            ip = in_string;
            in_string[0] = '\0';   /* emptied first, so STR_BUF_SIZE-1 is the whole usable buffer */
            if (pngcrush_mode == EXTENSION_MODE)
                strncat(in_string, inname, STR_BUF_SIZE-1);
            else
                strncat(in_string, outname, STR_BUF_SIZE-1);
            ip = in_string;
            op = dot = out_string;
            while (*ip != '\0')    /* unbounded copy: safe only if out_string is at least as large as in_string */
            {
                *op++ = *ip++;
#ifdef __riscos
                if (*ip == '/')
                    dot = op;
#else
                if (*ip == '.')
                    dot = op;
#endif
            }
            *op = '\0';

            if (dot != out_string)
                *dot = '\0';       /* cut the base name at the last separator */

            in_extension[0] = '\0';
            if (dot != out_string)
                strncat(in_extension, ++dot, STR_BUF_SIZE - 1);
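The snippet above gets away with passing STR_BUF_SIZE-1 because each destination is emptied immediately before the strncat() call; the same bound applied to a buffer that already holds data is exactly the misuse the warning describes. The following is an added example, not code from the original page or from pngcrush, that shows the arithmetic behind the warning (a checker for whether a given strncat() call would overflow), the correct bound (remaining room), and a bounded rewrite of the snippet's base-name/extension split. STR_BUF_SIZE is set to a hypothetical 16 bytes so the numbers are easy to follow; the sample strings are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size, deliberately small so the arithmetic is visible
   (pngcrush's real STR_BUF_SIZE is larger). */
#define STR_BUF_SIZE 16

/* Length of s, but never looks past cap bytes; returns cap if no NUL is found. */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* The strncat() pitfall: n is the number of bytes that may be APPENDED, not the
   size of dst, and strncat always writes one more byte (the NUL) after the copy.
   Returns 1 if strncat(dst, src, n) would write past a dst of capacity cap. */
int strncat_would_overflow(const char *dst, size_t cap, const char *src, size_t n)
{
    size_t used = bounded_len(dst, cap);
    size_t copied;
    if (used == cap)           /* dst is not NUL-terminated within cap: already broken */
        return 1;
    copied = bounded_len(src, n);
    return used + copied + 1 > cap;
}

/* Correct use: pass the remaining room, not the total size, as the bound.
   Returns the number of source bytes that did not fit (0 means fully appended). */
size_t safe_append(char *dst, size_t cap, const char *src)
{
    size_t used = bounded_len(dst, cap);
    size_t room, len;
    if (used == cap) {         /* force termination rather than trust a bad buffer */
        dst[cap - 1] = '\0';
        used = cap - 1;
    }
    room = cap - used - 1;     /* bytes that fit before the terminating NUL */
    len = strlen(src);
    strncat(dst, src, room);
    return len > room ? len - room : 0;
}

/* Bounded version of the snippet's base/extension split. Copies at most cap-1
   bytes of in into base, tracks the last '.' (ignoring one at index 0, as the
   original loop never examines it), and puts what follows it into ext.
   Returns 1 if an extension was found. Overlong input is truncated instead of
   spilling past base. */
int split_extension(const char *in, char *base, char *ext, size_t cap)
{
    size_t i, dot = 0;
    int found = 0;

    for (i = 0; in[i] != '\0' && i < cap - 1; i++) {
        base[i] = in[i];
        if (i > 0 && in[i] == '.') {
            dot = i;
            found = 1;
        }
    }
    base[i] = '\0';
    ext[0] = '\0';
    if (found) {
        base[dot] = '\0';                 /* cut the base name at the last '.' */
        safe_append(ext, cap, &in[dot + 1]);
    }
    return found;
}

int main(void)
{
    char buf[STR_BUF_SIZE] = "0123456789";   /* constructed sample: 10 bytes already used */
    char base[STR_BUF_SIZE], ext[STR_BUF_SIZE];

    /* Wrong bound: total size on a non-empty buffer. 10 used + 8 copied + NUL = 19 > 16. */
    printf("strncat(buf, \"abcdefgh\", STR_BUF_SIZE-1) would overflow: %d\n",
           strncat_would_overflow(buf, STR_BUF_SIZE, "abcdefgh", STR_BUF_SIZE - 1));

    /* Right bound: remaining room; 3 bytes are dropped, nothing is written out of bounds. */
    printf("safe_append dropped %zu bytes -> \"%s\"\n",
           safe_append(buf, STR_BUF_SIZE, "abcdefgh"), buf);

    split_extension("archive.tar.gz", base, ext, STR_BUF_SIZE);
    printf("base=\"%s\" ext=\"%s\"\n", base, ext);
    return 0;
}
```

The checker never performs the overflowing write itself; it only computes what strncat() would do, which is the calculation a reviewer has to do by hand for every strncat() call flagged this way. Note that truncation, as in safe_append() and split_extension(), trades memory corruption for a silently shortened filename, so callers that must not lose data should treat a non-zero return from safe_append() as an error.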
