Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: Out-of-bounds write #541

Closed
Youw opened this issue May 9, 2023 · 0 comments · Fixed by #560
Closed

Fix: Out-of-bounds write #541

Youw opened this issue May 9, 2023 · 0 comments · Fixed by #560
Labels
bug Something isn't working hidraw Related to Linux/hidraw backend

Comments

@Youw
Copy link
Member

Youw commented May 9, 2023

Found as part of: #63

static int parse_hid_vid_pid_from_uevent_path(const char *uevent_path, unsigned *bus_type, unsigned short *vendor_id, unsigned short *product_id)
446{
447        int handle;
448        ssize_t res;
449
450        handle = open(uevent_path, O_RDONLY | O_CLOEXEC);
   	1. Condition handle < 0, taking false branch.
451        if (handle < 0) {
452                register_global_error_format("open failed (%s): %s", uevent_path, strerror(errno));
453                return 0;
454        }
455
456        char buf[1024];
   	2. identity_transfer: Passing 1024UL as argument 3 to function read, which returns that argument.
   	3. assignment: Assigning: res = read(handle, buf, 1024UL). The value of res is now 1024.
457        res = read(handle, buf, sizeof(buf));
458        close(handle);
459
   	4. Condition res < 0, taking false branch.
460        if (res < 0) {
461                register_global_error_format("read failed (%s): %s", uevent_path, strerror(errno));
462                return 0;
463        }
464
   	
CID 1529210 (#1 of 1): Out-of-bounds write (OVERRUN)
5. overrun-local: Overrunning array buf of 1024 bytes at byte offset 1024 using index res (which evaluates to 1024).
465        buf[res] = '\0';
466        return parse_hid_vid_pid_from_uevent(buf, bus_type, vendor_id, product_id);
467}
@Youw Youw added bug Something isn't working hidraw Related to Linux/hidraw backend labels May 9, 2023
@Youw Youw mentioned this issue May 12, 2023
Closed
Youw added a commit that referenced this issue May 21, 2023
@Youw
Fix "Out-of-bounds write"
4c9aecf 
Fixes: #541
@Youw Youw mentioned this issue May 21, 2023
Merged
@Youw Youw closed this as completed in #560 May 22, 2023
Youw added a commit that referenced this issue May 22, 2023
@Youw
Fix "Out-of-bounds write" (#560)
435650a 
Fixes: #541
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working hidraw Related to Linux/hidraw backend
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix "Out-of-bounds write" libusb/hidapi
1 participant
@Youw