Missing a terminator after strncpy in function Server_jack_init, which may cause read-overflow
awen-li opened this issue · comments
Awen commented
Code snippet
Server_jack_init(Server *self)
{
int i = 0;
char client_name[32]; -----------> No initialization
char name[16];
.........
strncpy(client_name, self->serverName, 31); -------------> when length of self->serverName is 31, client_name may has no terminator. It is a risk of read-overflow.
.........
}
Description
Function: Server_jack_init
File: ad_jack.c
Call-path: boot (Python) -> Server_boot -> Server_jack_init
WarningType: read-overflow. Our analysis tool reported a warning at the call-site of strncpy. As client_name is not initialized, it may has no terminator after strncpy hence to cases read-overflow.
Also seen in Details
Awen commented
Anyone can help confirm this issue? thanks.
Olivier Bélanger commented
I'll take a look as soon as I get a chance. Thanks for reporting.
Olivier Bélanger commented
Fixed. Turns out that the copy was completely useless!
Awen commented
Fixed. Turns out that the copy was completely useless!
thanks