Fedora 24
buffer weakness #3

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

KoboDeluxe-0.5.1/sound/a_wave.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 buffer weakness.

 		SDL_FreeWAV(data);
	else
		free(data);

	return wid;
}


int audio_wave_save(int wid, const char *name)
{
	char buf[1024];
	audio_wave_t *wave = audio_wave_get(wid);
	if(!wave)
		return -1;

	/* Prepend path */
	strncpy(buf, eel_path(), sizeof(buf));
#ifdef WIN32
	strncat(buf, "\\", sizeof(buf));
#elif defined MACOS
	strncat(buf, ":", sizeof(buf));
#else
	strncat(buf, "/", sizeof(buf));
#endif
	strncat(buf, name, sizeof(buf));
	log_printf(DLOG, "Saving to \"%s\"\n", buf);
	/* Check extension */
	if(strstr(name, ".raw") || strstr(name, ".RAW"))
		return SaveRAW(buf, wave->data.si8, wave->size,
				(int)wave->format, wave->rate, wave->looped);
	else
		return -2;
}


void audio_wave_free(int wid)
{
	int w, first, last;
	CHECKINIT
	if(wid < 0)
	{
		first = 0;
		last = AUDIO_MAX_WAVES - 1;
	}
	else
		first = last = wid;
	for(w = first; w <= last; ++w)
	{
		if(!wavetab[w].data.si8)
			continue; 
