Fedora 23
Buffer weakness #24


Weakness Breakdown


Buffer overflows are among the best-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Requires maximum length in CHARACTERS, not bytes.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 23 buffer weakness.


unsigned int GetFileLength(HANDLE handle)
{
    DWORD result;

    // Seeking to the end of the file returns its length as the new position.
    result = SetFilePointer(handle, 0, NULL, FILE_END);

    if (result == INVALID_SET_FILE_POINTER)
        I_Error("W_Win32_OpenFile: Failed to read file length");

    return result;
}

static wad_file_t *W_Win32_OpenFile(char *path)
{
    win32_wad_file_t *result;
    wchar_t wpath[MAX_PATH + 1];
    HANDLE handle;

    // Open the file:

    // Flagged call: the last argument is the size of wpath in wide
    // characters, but sizeof(wpath) is its size in bytes.
    MultiByteToWideChar(CP_OEMCP, 0,
                        path, strlen(path) + 1,
                        wpath, sizeof(wpath));

    handle = CreateFileW(wpath,
    // (remaining arguments are not shown in this excerpt)

    if (handle == INVALID_HANDLE_VALUE)
        return NULL;

    // Create a new win32_wad_file_t to hold the file handle.

    result = Z_Malloc(sizeof(win32_wad_file_t), PU_STATIC, 0);
    result->wad.file_class = &win32_wad_file;
    result->wad.length = GetFileLength(handle);
    result->handle = handle;

    // Try to map the file into memory with mmap:
    // (excerpt ends here)
