Parent: 1d73dc6a1a9a7a83dc77e547b0d639cea8b2d903
Author: Bastien Nocera <hadess@hadess.net>
Committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: 2024-07-08 17:39:21
Tree: c328aa9f77afef8c410447b3219611bdd3cc1635
mesh: Fix integer overflow due to cast operation Error: INTEGER_OVERFLOW (CWE-190): [#def15] [important] mesh/pb-adv.c:174:4: cast_overflow: Truncation due to cast operation on "size - consumed" from 32 to 8 bits. mesh/pb-adv.c:174:4: overflow_assign: "seg_size" is assigned from "size - consumed". mesh/pb-adv.c:177:3: overflow_sink: "seg_size", which might have overflowed, is passed to "memcpy(buf + 7, data + consumed, seg_size)". [Note: The source code implementation of the function has been overridden by a builtin model.] 175| 176| buf[6] = (i << 2) | 0x02; 177|-> memcpy(buf + 7, data + consumed, seg_size); 178| 179| pb_adv_send(session, MESH_IO_TX_COUNT_UNLIMITED, 500, Error: INTEGER_OVERFLOW (CWE-190): [#def16] [important] mesh/pb-adv.c:179:3: cast_overflow: Truncation due to cast operation on "seg_size + 7" from 32 to 16 bits. mesh/pb-adv.c:179:3: overflow_sink: "seg_size + 7", which might have overflowed, is passed to "pb_adv_send(session, 0, 500, buf, seg_size + 7)". 177| memcpy(buf + 7, data + consumed, seg_size); 178| 179|-> pb_adv_send(session, MESH_IO_TX_COUNT_UNLIMITED, 500, 180| buf, seg_size + 7);
Diffstat
| M | mesh/pb-adv.c | | | 2 | +- |
1 files changed, 1 insertions(+), 1 deletions(-)