View Issue Details

IDProjectCategoryView StatusLast Update
0006157GNUnetutil librarypublic2020-04-23 10:47
ReporterfefeAssigned ToChristian Grothoff 
PrioritynormalSeverityminorReproducibilityN/A
Status resolvedResolutionfixed 
Product VersionSVN HEAD 
Target Version0.13.0Fixed in Version0.13.0 
Summary0006157: Integer truncation in GNUNET_STRINGS_string_to_data
Description 954 int
 955 GNUNET_STRINGS_string_to_data (const char *enc,
 956 size_t enclen,
 957 void *out,
 958 size_t out_size)
 959 {
 960 unsigned int rpos;
 961 unsigned int wpos;
 962 unsigned int bits;
 963 unsigned int vbit;

 976 wpos = out_size;
 977 rpos = enclen;

These assign 64-bit values to 32-bit integers (when compiled for a 64-bit target which I assume is standard these days).
rpos and wpos should be size_t, not unsigned int.
TagsNo tags attached.

Activities

Christian Grothoff

2020-04-03 18:55

manager   ~0015515

Fixed in 6fd24eef2..6d7fd3328. Also added an overflow check on out_size for good measure.

Issue History

Date Modified Username Field Change
2020-04-03 12:44 fefe New Issue
2020-04-03 18:55 Christian Grothoff Note Added: 0015515
2020-04-03 18:55 Christian Grothoff Assigned To => Christian Grothoff
2020-04-03 18:55 Christian Grothoff Status new => resolved
2020-04-03 18:55 Christian Grothoff Resolution open => fixed
2020-04-03 18:55 Christian Grothoff Fixed in Version => 0.12.2
2020-04-03 18:55 Christian Grothoff Target Version => 0.12.2
2020-04-23 10:45 schanzen Fixed in Version 0.12.2 => 0.13.0
2020-04-23 10:47 schanzen Target Version 0.12.2 => 0.13.0