Buffer Overflow and Over-read Vulnerabilities

I've ported (stolen from KallistiOS) genromfs to build on Windows for ps2sdk-ports, but there may be potential bugs. Here are the problems.

line 434: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).

line 555: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).

line 972: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).

line 990: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).

line 1037: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).

How do I fix them or is there a workaround?
 
Use tools like Coverity, Clang Static Analyzer, or CodeQL to detect and fix such vulnerabilities during development.
  • Ensure the loop condition limits access to within the buffer's boundaries.
  • Use safe library functions like strncpy, memcpy_s, or equivalent for copying data.
  • Validate all inputs before use, ensuring they meet expected size and format constraints.
Hope this helps.
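The two warning classes quoted above map onto two concrete fixes, shown below as an added example that is not code from genromfs, KallistiOS or ps2sdk-ports. The CWE-126 warnings are the strlen()-style over-read: a fixed-width field that is not guaranteed to hold a NUL must be measured with a bounded scan, not strlen(). The CWE-120/CWE-20 warning is the unbounded fill-in-a-loop case: every iteration that appends to a fixed buffer has to check the remaining space and refuse a result that would not fit. The helper names (bounded_strlen, field_to_cstr, path_append, build_path) and the sample data are invented for this example. One caveat on the reply's list: strncpy() is avoided here on purpose, because when the source fills the destination it leaves no terminator and recreates the over-read one call later; an explicit length check plus memcpy() and a written NUL is the safer pattern, and it also builds on MSVC without POSIX extensions.

```c
/* Added example (not genromfs code): bounded handling for the CWE-126
 * over-read and the CWE-120 overflow-in-a-loop warnings from the thread.
 * All names and sample data below are invented for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of the string in field[0..cap), or cap when no terminator exists.
 * Same contract as POSIX strnlen(), written with memchr() so it builds on
 * any C99 compiler, including MSVC without POSIX extensions. Never reads
 * beyond field + cap, which is exactly what strlen() cannot promise. */
size_t bounded_strlen(const char *field, size_t cap)
{
    const char *nul = (const char *)memchr(field, '\0', cap);
    return nul ? (size_t)(nul - field) : cap;
}

/* Copy a fixed-width field into a NUL-terminated C string.
 * Returns 0 on success, -1 when dst cannot hold the bytes plus the NUL.
 * strncpy() is avoided: when the source fills dst it writes no terminator. */
int field_to_cstr(char *dst, size_t dstsize, const char *field, size_t cap)
{
    size_t n = bounded_strlen(field, cap);
    if (dstsize == 0 || n >= dstsize)
        return -1;
    memcpy(dst, field, n);
    dst[n] = '\0';
    return 0;
}

/* Append one component to a terminated path of capacity pathsize, adding a
 * '/' when needed. Returns 0 on success, -1 if the result would not fit;
 * on failure path is left unchanged rather than silently truncated. */
int path_append(char *path, size_t pathsize, const char *comp)
{
    size_t len = bounded_strlen(path, pathsize);
    size_t clen = strlen(comp);          /* comp is a terminated literal here */
    size_t sep, avail;

    if (len == pathsize)                 /* path itself was not terminated */
        return -1;
    sep = (len > 0 && path[len - 1] != '/') ? 1 : 0;
    avail = pathsize - len - 1;          /* free bytes, excluding the NUL */
    if (sep > avail || clen > avail - sep)
        return -1;
    if (sep)
        path[len++] = '/';
    memcpy(path + len, comp, clen);
    path[len + clen] = '\0';
    return 0;
}

/* Join components into dst in a loop, re-checking free space on every
 * iteration. Returns how many components fit; dst always ends up a valid
 * terminated string holding the longest prefix that fit. */
size_t build_path(char *dst, size_t dstsize, const char *const *comps, size_t ncomps)
{
    size_t i;
    if (dstsize == 0)
        return 0;
    dst[0] = '\0';
    for (i = 0; i < ncomps; i++)
        if (path_append(dst, dstsize, comps[i]) != 0)
            break;
    return i;
}

/* Constructed sample: a 16-byte field filled completely with name bytes and
 * therefore containing no NUL. (C allows a literal of exactly the array
 * size to drop its terminator.) strlen(sample_field) would run off the end. */
static const char sample_field[16] = "sixteen_chars_ok";
static const char *const sample_comps[] = { "usr", "lib", "genromfs" };

/* Exercise the helpers; returns the number of checks that failed (0 = ok). */
int run_checks(void)
{
    char name[17], small[16], path[16], big[32];
    int failed = 0;

    failed += bounded_strlen(sample_field, sizeof sample_field) != 16;
    failed += bounded_strlen("abc", 4) != 3;
    failed += field_to_cstr(name, sizeof name, sample_field, 16) != 0
              || strcmp(name, "sixteen_chars_ok") != 0;
    failed += field_to_cstr(small, sizeof small, sample_field, 16) != -1;  /* no room for NUL */
    failed += build_path(path, sizeof path, sample_comps, 3) != 2
              || strcmp(path, "usr/lib") != 0;        /* "/genromfs" did not fit in 16 */
    failed += build_path(big, sizeof big, sample_comps, 3) != 3
              || strcmp(big, "usr/lib/genromfs") != 0;
    return failed;
}

int main(void)
{
    char path[32];
    size_t n = build_path(path, sizeof path, sample_comps, 3);
    printf("field length without over-read: %zu\n", bounded_strlen(sample_field, sizeof sample_field));
    printf("joined %zu of 3 components: %s\n", n, path);
    printf("checks failed: %d\n", run_checks());
    return run_checks() != 0;
}
```

The same shape applies to the read()-style loop the first warning points at: track bytes remaining in the destination, pass only that remainder as the request size, and stop when it reaches zero, instead of looping on a fixed chunk size.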