From: mame@ruby-lang.org
To: ruby-core@ruby-lang.org
Subject: [ruby-core:69613] [Ruby trunk - Bug #11270] [Open] Coverity Scan warns out-of-bounds access in ext/socket
Date: Tue, 16 Jun 2015 18:21:44 +0000 [thread overview]
Message-ID: <redmine.issue-11270.20150616182142.821031d6aed5c3f1@ruby-lang.org> (raw)
In-Reply-To: redmine.issue-11270.20150616182142@ruby-lang.org
Issue #11270 has been reported by Yusuke Endoh.
----------------------------------------
Bug #11270: Coverity Scan warns out-of-bounds access in ext/socket
https://bugs.ruby-lang.org/issues/11270
* Author: Yusuke Endoh
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v:
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
Hello,
Coverity Scan warns ext/socket/init.c and raddrinfo.c.
`rsock_s_recvfrom` in ext/socket/init.c does:
arg.alen = (socklen_t)sizeof(arg.buf);
then calls `rsock_io_socket_addrinfo`:
return rb_assoc_new(str, rsock_io_socket_addrinfo(sock, &arg.buf.addr, arg.alen));
`rsock_io_socket_addrinfo` indirectly calls `init_addrinfo` in ext/socket/raddrinfo.c.
(`rsock_io_socket_addrinfo` -> `rsock_fd_socket_addrinfo` -> `rsock_addrinfo_new` -> `init_addrinfo`)
`init_addrinfo` does:
memcpy((void *)&rai->addr, (void *)sa, len);
Note that `sa` is `&arg.buf.addr`, and `len` is `arg.alen`. `&arg.buf.addr` is a pointer to sockaddr, and `arg.len` is `sizeof(union_sockaddr)`, not `sizeof(sockaddr)`, which is indeed inconsistent.
I don't think this inconsistency will cause actual harm, but it would be better to fix.
--
Yusuke Endoh <mame@ruby-lang.org>
--
https://bugs.ruby-lang.org/
next parent reply other threads:[~2015-06-16 17:59 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <redmine.issue-11270.20150616182142@ruby-lang.org>
2015-06-16 18:21 ` mame [this message]
2015-06-18 7:49 ` [ruby-core:69647] [Ruby trunk - Bug #11270] [Feedback] Coverity Scan warns out-of-bounds access in ext/socket akr
2015-06-18 15:59 ` [ruby-core:69662] [Ruby trunk - Bug #11270] [Open] " mame
2015-06-19 1:36 ` [ruby-core:69672] [Ruby trunk - Bug #11270] " akr
2015-06-19 14:11 ` [ruby-core:69681] [Ruby trunk - Bug #11270] [Rejected] " mame
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.ruby-lang.org/en/community/mailing-lists/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=redmine.issue-11270.20150616182142.821031d6aed5c3f1@ruby-lang.org \
--to=ruby-core@ruby-lang.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).