Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

potential integer overflow in 32bit system #32

Open
kangwoosukeq opened this issue Aug 18, 2021 · 0 comments
Open

potential integer overflow in 32bit system #32

kangwoosukeq opened this issue Aug 18, 2021 · 0 comments

Comments

@kangwoosukeq
Copy link

Hi, there are potential integer overflow vulnerabilities that can affect the 32bit system.

In src/util/output.c:59, the program reads the value of numOfVars from input file and calls createVector.

fscanf(in,"%d",numOfVars);

if (numOfVectors==0) return (0);

b=createVector(*numOfVars);

Since there is no range check in createVector, it may cause integer overflow and small buffer allocation which leads to buggy behavior.

vector createVector(int numOfVars) {
  vector w;

  w = (vector)malloc(sizeof(int)*(numOfVars+1));
  if (w==0) {
    printf("Could not allocate memory in function createVector.\n");
    printf("Please report this problem.\n");
    exit(0);
  }
  return (w);
}

Similar issues can happen in

4ti2/src/util/output.c

Line 720 in 4d70ab9

labels = (char **)malloc(sizeof(char*)*(numOfVars));

4ti2/src/util/output.c

Line 859 in 4d70ab9

labels = (char **)malloc(sizeof(char*)*(numOfVars));

Thank you.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kangwoosukeq