RTEMS | objectgetinfo.c: Potential access past end of array (#5076)
Joel Sherrill (@joel)
gitlab at rtems.org
Sat Jul 27 15:15:55 UTC 2024
Joel Sherrill created an issue: https://gitlab.rtems.org/rtems/rtos/rtems/-/issues/5076
Assignee: Joel Sherrill
## Summary
If presented with a specific badly formed id that includes an API class field of 4-7, this method will currently access beyond the end of the _Objects_Information_table array. This was spotted by Coverity -- CID 1592935.
```
Objects_Information *_Objects_Get_information_id(
  Objects_Id id
)
{
  /*
   * CID 1592935: (#1 of 1): Out-of-bounds access (OVERRUN)
   * 1. overrun-call: Overrunning callee's array of size 4 by passing argument
   *    _Objects_Get_API(id) (which evaluates to 7) in call to
   *    _Objects_Get_information.
   */
  return _Objects_Get_information(
    _Objects_Get_API( id ),
    _Objects_Get_class( id )
  );
}
```
The fix is to ensure that the api field is validated in _Objects_Get_information().
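The validation the issue calls for, as an added example that is not RTEMS source code: a self-contained model of the id lookup in which the API value is bounds-checked before it indexes the 4-entry table. The bit layout (3-bit API field in bits 24-26, class in bits 27-31), the table contents and every name below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed id layout: class in bits 27-31, API in bits 24-26 (3 bits, 0..7). */
#define ID_API_SHIFT   24u
#define ID_API_MASK    0x7u
#define ID_CLASS_SHIFT 27u
#define ID_CLASS_MASK  0x1Fu
#define API_LAST       3u /* table holds API_LAST + 1 = 4 entries */

typedef struct { const char *name; } info_t;

/* Constructed sample tables (hypothetical); class 0 is unused in each API. */
static info_t classic_tasks = { "classic/tasks" };
static info_t posix_threads = { "posix/threads" };
static info_t *classic_api[] = { NULL, &classic_tasks };
static info_t *posix_api[]   = { NULL, &posix_threads };
static info_t **const info_table[API_LAST + 1] = { NULL, NULL, classic_api, posix_api };
static const unsigned class_count[API_LAST + 1] = { 0, 0, 2, 2 };

static unsigned id_api(uint32_t id)   { return (id >> ID_API_SHIFT) & ID_API_MASK; }
static unsigned id_class(uint32_t id) { return (id >> ID_CLASS_SHIFT) & ID_CLASS_MASK; }

/* Validated lookup: the id field can encode 4..7, the table cannot hold them. */
static info_t *get_information(unsigned api, unsigned cls)
{
  if (api > API_LAST) return NULL;                      /* API bound check */
  if (cls == 0 || cls >= class_count[api]) return NULL; /* class bound check */
  return info_table[api][cls];
}

static info_t *get_information_id(uint32_t id)
{
  return get_information(id_api(id), id_class(id));
}

/* Builds a constructed test id with node 1. */
static uint32_t build_id(unsigned cls, unsigned api, unsigned index)
{
  return ((uint32_t)cls << ID_CLASS_SHIFT) | ((uint32_t)api << ID_API_SHIFT) | (1u << 16) | index;
}

int main(void)
{
  for (unsigned api = 0; api <= ID_API_MASK; api++) {
    info_t *info = get_information_id(build_id(1, api, 1));
    printf("api=%u -> %s\n", api, info ? info->name : "rejected (NULL)");
  }
  return 0;
}
```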