You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following issues were detected by covscan for shadow-utils version 4.8.1. I've done a first review to fix the critical ones, remove the false positives and divide the issues by type.
Error: OVERRUN (CWE-119): [#def15]
shadow-4.8.1/lib/groupio.c:320: assignment: Assigning: "members" = "0UL".
shadow-4.8.1/lib/groupio.c:345: assignment: Assigning: "i" = "0UL".
shadow-4.8.1/lib/groupio.c:346: assignment: Assigning: "members" += "i". The value of "members" is now 0.
shadow-4.8.1/lib/groupio.c:359: buffer_alloc: "calloc" allocates 8 bytes dictated by parameters "members + 1UL" and "8UL".
shadow-4.8.1/lib/groupio.c:359: var_assign: Assigning: "new_members" = "calloc(members + 1UL, 8UL)".
shadow-4.8.1/lib/groupio.c:365: assignment: Assigning: "i" = "0UL".
shadow-4.8.1/lib/groupio.c:370: assignment: Assigning: "members" = "i". The value of "members" is now 0.
shadow-4.8.1/lib/groupio.c:381: incr: Incrementing "members". The value of "members" is now 1.
shadow-4.8.1/lib/groupio.c:382: overrun-local: Overrunning array of 1 8-byte elements at element index 1 (byte offset 15) by dereferencing pointer "new_members + members".
380| new_members[members] = gptr2->gr_mem[i];
381| members++;
382|-> new_members[members] = NULL;
383| }
384| }
Error: OVERRUN (CWE-119): [#def26]
shadow-4.8.1/lib/port.c:177: alias: Assigning: "port.pt_names" = "ttys". "port.pt_names" now points to element 0 of "ttys" (which consists of 65 8-byte elements).
shadow-4.8.1/lib/port.c:178: cond_const: Checking "j < 64" implies that "j" is 64 on the false branch.
shadow-4.8.1/lib/port.c:198: overrun-local: Overrunning array of 65 8-byte elements at element index 65 (byte offset 527) by dereferencing pointer "port.pt_names + (j + 1)".
196| *cp = '\0';
197| cp++;
198|-> port.pt_names[j + 1] = (char *) 0;
199|
200| /*
The text was updated successfully, but these errors were encountered:
The following issues were detected by covscan for shadow-utils version 4.8.1. I've done a first review to fix the critical ones, remove the false positives and divide the issues by type.
The text was updated successfully, but these errors were encountered: