[Bug 203943] makefs: Coverity CID 977469: False positive
bugzilla-noreply at freebsd.org
Wed Oct 21 20:04:16 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203943
Bug ID: 203943
Summary: makefs: Coverity CID 977469: False positive
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: scdbackup at gmx.net
usr.sbin/makefs/cd9660/cd9660_debug.c
CID 977469: Out-of-bounds access (OVERRUN)
1. overrun-buffer-val: Overrunning array pttemp->parent_number
of 2 bytes by passing it to a function which accesses it at
byte offset 3.
186 printf("<parent_number>%i</parent_number>\n",
187 debug_get_encoded_number(pttemp->parent_number,mode));
--------------- Source analysis:
The problem is with debug_get_encoded_number() which, depending
on parameter "mode", reads more or fewer bytes.
The call complained about is in function debug_dump_to_xml_ptentry(),
which gets called only by function debug_dump_to_xml_path_table().
It gets the "mode" value as parameter.
This function gets called on two occasions in debug_dump_to_xml():
debug_dump_to_xml_path_table(fd, t, t2, 721);
debug_dump_to_xml_path_table(fd, t, t2, 722);
The modes 721 and 722 select 2-byte reading in debug_get_encoded_number().
So the size of pttemp->parent_number is sufficient.
--------------- Remedy proposal:
In Coverity classify CID 977469 as "False positive" and set its Action
to "Ignore".
--
You are receiving this mail because:
You are the assignee for the bug.
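
Added example, not part of the original report and not makefs code: a sketch of a mode-dependent decoder that takes the field length explicitly, so the bound is checked at the call instead of depending on which modes the callers pass. The names encoded_width() and get_encoded_number_checked() are hypothetical; the 2-byte width for modes 721/722 is from the report, while the 4-byte width for 731/732 is an assumption based on the ECMA-119 section numbers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: number of bytes read for a given mode.
 * 721/722 = 2 bytes (as stated in the report); 731/732 = 4 bytes is an
 * assumption taken from ECMA-119 sections 7.3.1/7.3.2. */
static size_t encoded_width(int mode)
{
	switch (mode) {
	case 721: case 722: return 2;
	case 731: case 732: return 4;
	default:            return 0;	/* unknown mode */
	}
}

/* Decode buf according to mode, refusing to read past len bytes.
 * Returns 0 on success, -1 if the mode is unknown or the field is
 * shorter than the width that mode requires. */
static int get_encoded_number_checked(const unsigned char *buf, size_t len,
    int mode, uint32_t *out)
{
	size_t i, width = encoded_width(mode);
	uint32_t v = 0;

	if (width == 0 || len < width)
		return -1;
	for (i = 0; i < width; i++) {
		if (mode % 10 == 1)		/* 721, 731: little-endian */
			v |= (uint32_t)buf[i] << (8 * i);
		else				/* 722, 732: big-endian */
			v = (v << 8) | buf[i];
	}
	*out = v;
	return 0;
}

int main(void)
{
	unsigned char parent_number[2] = { 0x01, 0x00 };	/* constructed sample */
	uint32_t n;

	if (get_encoded_number_checked(parent_number, sizeof(parent_number), 721, &n) == 0)
		printf("721: %u\n", (unsigned)n);
	if (get_encoded_number_checked(parent_number, sizeof(parent_number), 731, &n) != 0)
		printf("731: rejected, field is only 2 bytes\n");
	return 0;
}
```

With the length passed alongside the pointer, a 4-byte mode applied to a 2-byte field fails at run time rather than reading byte offset 3, and an analyzer no longer has to trace every caller's mode value to prove the access is in bounds.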