← Back to team overview

dx-packages team mailing list archive

  1. dx-packages team
  2. Mailing list archive
  3. Message #34654

[Bug 937584] Re: Coverity INTEGER_OVERFLOW - CID 10641

  Thread PreviousDate PreviousThread Next 
** Changed in: nux (Ubuntu)
       Status: New => Fix Released

** Changed in: nux (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to nux in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/937584

Title:
  Coverity INTEGER_OVERFLOW - CID 10641

Status in Nux:
  Fix Released
Status in Nux 4.0 series:
  Fix Released
Status in nux package in Ubuntu:
  Fix Released

Bug description:
  This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
  CID: 10641
  Checker: INTEGER_OVERFLOW
  Category: critical_argument
  CWE definition: http://cwe.mitre.org/data/definitions/190.html
  File: /tmp/buildd/nux-2.4.0/NuxCore/TinyXML/tinyxml.cpp
  Function: TiXmlDocument::LoadFile(_IO_FILE *, TiXmlEncoding)
  Code snippet:
  At conditional: "*p == 10" taking False branch
  At conditional: "*p == 10" taking False branch
  At conditional: "*p == 10" taking True branch
  1157     if ( *p == 0xa )
  1158     {
  1159       // Newline character. No special rules for this. Append all the characters
  1160       // since the last string, and include the newline.
  CID 10641 - INTEGER_OVERFLOW
  Add operation overflows on operands "p - lastPos" and "1L". Example value for operand: "p - lastPos" = 0111111111111111111111111111111111111111111111111111111111111111.
  Overflowed or truncated value (or a value computed from an overflowed or truncated value) "p - lastPos + 1L" used as critical argument to function.
  1161       data.append ( lastPos, (p - lastPos + 1) );	// append, include the newline
  1162       ++p;									// move past the newline
  1163       lastPos = p;							// and point to the new buffer (may be 0)
  1164       assert ( p <= (buf + length) );
  1165     }
  At conditional: "*p == 13" taking False branch
  At conditional: "*p == 13" taking False branch
  1166     else if ( *p == 0xd )

To manage notifications about this bug go to:
https://bugs.launchpad.net/nux/+bug/937584/+subscriptions
  Thread PreviousDate PreviousThread Next