microsoft / AirSim

Open source simulator for autonomous vehicles built on Unreal Engine / Unity, from Microsoft AI & Research

Home Page: https://microsoft.github.io/AirSim/

Potential Error unbounded-write Related to CWE-20

Close-Recover opened this issue

Bug report

  • AirSim Version/#commit: latest, but it appears in a much earlier version like v1.6.0-linux
  • UE/Unity version: 4.27
  • N/A
  • OS Version: Linux Ubuntu 18.04

What's the issue you encountered?

Dear developers,

When we use CodeQL (GitHub's own static code analysis tool) to analyze the project, it has reported an error from code that may cause a breakdown. And we found that this potential error has existed in the project for a relatively long time. In this issue we will provide the error from a single file, MavLinkCom/src/MavLinkLog.cpp, including its name, location and analysis steps (code data flow). Hopefully it will get your attention, and we are looking forward to further communication.

Settings

We use default settings.

How can the issue be reproduced?

  1. Prepare everything by following the guidance of the official docs on Build AirSim on Linux before running './build.sh'
  2. Then use the CodeQL create database command to establish the database and set '--command='./build.sh''; it looks like: codeql database create new-database --language=<language> --command='./build.sh'
  3. Please note that the process needs a clean build and may take a long time to finish. Using a clean command and parallelization techniques based on your hardware environment may help you make it faster

Include full error message in text form

  • Because of the limit of GitHub, we cannot attach the original file directly. You can contact us by email to obtain it: 2654209843@qq.com
  • Here is the information that was reported as the most important; it is focused on untrusted-data-to-external-api-ir: Data provided remotely is used in this external API without sanitization, which could be a security risk, which is related to CWE-20. The <number:number> pattern means the specific location of code (e.g. fread output argument novatel.c 2001:13, 'fread output argument' is code, '2001:13' is the detailed location) in the code file and it helps you to detect code data flow in the program:

  fread output argument      MavLinkLog.cpp 173:19
  *msg [post update] [len]   MavLinkLog.cpp 173:20
  *msg [len]                 MavLinkLog.cpp 193:13
  *msg [len]                 MavLinkLog.cpp 209:38
  len                        MavLinkLog.cpp 209:38


What's better than filing an issue? Filing a pull request :).
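The data-flow path above is the generic shape of the CWE-20 finding: a length is read out of a file with fread and then used, unvalidated, as the size of a later write. The following C code is an added illustration of that shape and its fix; it is not AirSim's MavLinkLog.cpp code and does not use the MAVLink log format. The record layout (2-byte big-endian length followed by payload), the buffer size and the function names are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout for this example (NOT the MAVLink log format):
 *   [2-byte big-endian len][len bytes of payload]
 * The payload buffer is fixed-size, so `len` must be validated before it is
 * used as a read or copy length. */
#define MAX_PAYLOAD 32

typedef struct {
    uint16_t len;
    uint8_t payload[MAX_PAYLOAD];
} record_t;

enum { REC_OK = 0, REC_EOF = -1, REC_TOO_LONG = -2, REC_TRUNCATED = -3 };

/* Unsafe shape: the length comes straight out of fread and is used as the
 * size of the next read into a fixed buffer. With len > MAX_PAYLOAD this
 * writes past out->payload (the unbounded write the CodeQL path points at).
 * Kept only to show the data flow; never run it on untrusted input. */
int read_record_unchecked(FILE *fp, record_t *out) {
    uint8_t hdr[2];
    if (fread(hdr, 1, 2, fp) != 2) return REC_EOF;
    out->len = (uint16_t)((hdr[0] << 8) | hdr[1]);
    size_t got = fread(out->payload, 1, out->len, fp);   /* tainted len as size */
    return got == out->len ? REC_OK : REC_TRUNCATED;
}

/* Hardened: bound the tainted length before it reaches fread. */
int read_record_checked(FILE *fp, record_t *out) {
    uint8_t hdr[2];
    if (fread(hdr, 1, 2, fp) != 2) return REC_EOF;
    uint16_t len = (uint16_t)((hdr[0] << 8) | hdr[1]);
    if (len > MAX_PAYLOAD) return REC_TOO_LONG;          /* the missing check */
    if (fread(out->payload, 1, len, fp) != len) return REC_TRUNCATED;
    out->len = len;
    return REC_OK;
}

/* Helper so the checked reader can be exercised on an in-memory byte string
 * (fmemopen is POSIX; this is how the sample inputs below become a FILE*). */
int parse_bytes_checked(const uint8_t *buf, size_t n, record_t *out) {
    FILE *fp = fmemopen((void *)buf, n, "r");
    if (!fp) return REC_EOF;
    int rc = read_record_checked(fp, out);
    fclose(fp);
    return rc;
}

/* Constructed inputs: one well-formed record, one whose length field exceeds
 * the buffer, and one whose length field exceeds the bytes actually present. */
static const uint8_t GOOD[]      = {0x00, 0x03, 'a', 'b', 'c'};
static const uint8_t OVERSIZED[] = {0xFF, 0xFF, 'x'};        /* claims 65535 */
static const uint8_t SHORT[]     = {0x00, 0x05, 'a', 'b'};   /* claims 5, has 2 */

int main(void) {
    record_t r;
    memset(&r, 0, sizeof r);
    printf("good:      %d (len=%u)\n", parse_bytes_checked(GOOD, sizeof GOOD, &r), r.len);
    printf("oversized: %d\n", parse_bytes_checked(OVERSIZED, sizeof OVERSIZED, &r));
    printf("short:     %d\n", parse_bytes_checked(SHORT, sizeof SHORT, &r));
    return 0;
}
```

The check is a single comparison, but it has to sit between the read of the length field and the first use of that length as a size; a CodeQL taint path like the one reported ends exactly where such a comparison is absent.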