Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential buffer overflow #1773

Closed
2 tasks done
mbektchiev opened this issue Sep 17, 2021 · 2 comments
Closed
2 tasks done

Potential buffer overflow #1773

mbektchiev opened this issue Sep 17, 2021 · 2 comments
Assignees
@jmklix
Labels
bug This issue is a bug. p2 This is a standard priority issue

Comments

@mbektchiev
Copy link

Confirm by changing [ ] to [x] below to ensure that it's a bug:

Describe the bug
This call to GetModuleFilenameW specifies an incorrect buffer size and can result in a buffer overflow.

According to the docs the nSize parameter should be the number of characters and not bytes that the buffer can take. This means that the system function will start truncating the returned path only if it were longer than twice the buffer size.

SDK version number
latest main branch

Platform/OS/Hardware/Device
Windows

To Reproduce (observed behavior)
N/A

Expected behavior
N/A

Logs/output
N/A

Additional context
Reported by a static Veracode scan.
@mbektchiev mbektchiev added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Sep 17, 2021
@KaibaLopez
Copy link
Contributor

Hi @mbektchiev ,
Yea I think you are right, thanks for bringing this up

@KaibaLopez KaibaLopez added needs-review This issue or pull request needs review from a core team member. and removed needs-triage This issue or PR still needs to be triaged. labels Sep 21, 2021
@jmklix jmklix self-assigned this Dec 20, 2022
@jmklix jmklix added p2 This is a standard priority issue and removed needs-review This issue or pull request needs review from a core team member. labels Dec 20, 2022
@DmitriyMusatkin DmitriyMusatkin mentioned this issue Sep 15, 2023
Merged
11 tasks
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmklix jmklix

Labels
bug This issue is a bug. p2 This is a standard priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jmklix @mbektchiev @KaibaLopez @DmitriyMusatkin