centos 7
buffer weakness #25


Weakness Breakdown


Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Does not check for buffer overflows.

File Name:



The highlighted line of code below is the trigger point of this particular Centos 7 buffer weakness.

 #define FLARG_PASS	, file, line
#define FLARG		, const char *file, unsigned int line
#define FLARG_PASS
#define FLARG

typedef struct element element;
struct element {
	element *		next;

typedef struct {
	 * This structure must be ALIGNMENT_SIZE bytes.
	union {
		size_t		size;
		isc__mem_t	*ctx;
		char		bytes[ALIGNMENT_SIZE];
	} u;
} size_info;

struct stats {
	unsigned long		gets;
	unsigned long		totalgets;
	unsigned long		blocks;
	unsigned long		freefrags;

#define MEM_MAGIC		ISC_MAGIC('M', 'e', 'm', 'C')

typedef ISC_LIST(debuglink_t)	debuglist_t;

/* List of all active memory contexts. */

static ISC_LIST(isc__mem_t)	contexts;
static isc_once_t		once = ISC_ONCE_INIT;
static isc_mutex_t		lock;

 * Total size of lost memory due to a bug of external library.
 * Locked by the global lock.
static isc_uint64_t		totallost;

struct isc__mem { 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.