fedora 24
buffer weakness #4

5

Weakness Breakdown


Definition:

Buffer overflows are among the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities remain common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

KoboDeluxe-0.5.1/sound/a_wave.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 buffer weakness.

	log_printf(DLOG, "|    Author: %s\n", mf->author);
	log_printf(DLOG, "|   Remarks: %s\n", mf->remarks);
	log_printf(DLOG, "'------------------------------------------------------\n");

	return wid;
}


int audio_wave_load(int wid, const char *name, int looped)
{
	char buf[1024];
	SDL_AudioSpec spec;
	Uint8 *data = NULL;
	Uint32 size;
	int format = -2;
	int rate = 0;	/* Warning suppressor */
	int res;
	int using_loadwav = 0;

	/* Prepend path */
	strncpy(buf, eel_path(), sizeof(buf));
#ifdef WIN32
	strncat(buf, "\\", sizeof(buf));
#elif defined MACOS
	strncat(buf, ":", sizeof(buf));
#else
	strncat(buf, "/", sizeof(buf));
#endif
	strncat(buf, name, sizeof(buf));

	/* Check extension */
	if(strstr(name, ".raw") || strstr(name, ".RAW"))
	{
		format = -1;
		res = LoadRAW(buf, &data, &size, &format, &rate, &looped);
		if(res < 0)
			format = -1;
	}
	else if(strstr(name, ".agw") || strstr(name, ".AGW"))
		return agw_load(wid, name);	/* No full path here! */
	else if(strstr(name, ".mid") || strstr(name, ".MID"))
		return load_midi(wid, buf);
	else
	{
		using_loadwav = 1;
		res = SDL_LoadWAV(buf, &spec, &data, &size) ? 0 : -1;
	}

	wid = audio_wave_alloc(wid);
	if(wid < 0) 
