Possible Buffer Underrun in cfe_fs_decompress.c [MMS-IVV-013] [OBS-1238] [GSFC DCR 22838] #135
Comments
Imported from trac issue 104. Created by sstrege on 2015-08-28T15:09:02, last modified: 2019-03-01T15:27:58
Trac comment by glimes on 2016-10-18 15:07:03: Remove my name from many tickets (where it was applied by default), so others can tell that there are tickets that need some attention.
skliper
added a commit
to skliper/cFE
that referenced
this issue
Apr 24, 2020
Removes untraced capabilities to decompress libraries or apps on load. For non-startup apps, FS can be used. For startup, recommendation is to compress/decompress as part of boot/startup vs individual applications/libs at load. Also fixes nasa#291, by deprecating decompress it can be moved to the FS app. Also makes nasa#135 N/A, static code analysis issues in decompress
skliper
added a commit
to skliper/cFE
that referenced
this issue
Apr 28, 2020
Removes untraced capabilities to decompress libraries or apps on load. For non-startup apps, FS can be used. For startup, recommendation is to compress/decompress as part of boot/startup vs individual applications/libs at load. Also fixes nasa#291, by deprecating decompress it can be moved to the FS app. Also makes nasa#135 N/A, static code analysis issues in decompress
skliper
added a commit
to skliper/cFE
that referenced
this issue
May 8, 2020
Removes untraced capabilities to decompress libraries or apps on load. For non-startup apps, FS can be used. For startup, recommendation is to compress/decompress as part of boot/startup vs individual applications/libs at load. Also fixes nasa#291, by deprecating decompress it can be moved to the FS app. Also makes nasa#135 N/A, static code analysis issues in decompress
astrogeco
changed the title
MMS-IVV-013 (OBS-1238) - Static Code Analysis: Possible Buffer Underrun in cfe_fs_decompress.c (GSFC DCR 22838)
Static Code Analysis: Possible Buffer Underrun in cfe_fs_decompress.c [MMS-IVV-013] [OBS-1238] [GSFC DCR 22838]
Oct 1, 2020
astrogeco
changed the title
Static Code Analysis: Possible Buffer Underrun in cfe_fs_decompress.c [MMS-IVV-013] [OBS-1238] [GSFC DCR 22838]
Possible Buffer Underrun in cfe_fs_decompress.c [MMS-IVV-013] [OBS-1238] [GSFC DCR 22838]
Oct 1, 2020
Source Code File: cfe\fsw\cfe-core\src\fs\cfe_fs_decompress.c
Line 530
Output from Code Analysis tool: "Buffer overflow, array index of 'x' may be outside the bounds. Array 'x' of size 17 declared at line 367 may use inde"
{{{
530 while ( ( i & ((1 << w) - 1) ) != x[h] ) {
531 h--; /* don't need to update q */
532 w -= l;
}}}
The array x could be under run if h attains a value of -1. This will occur if the condition does not evaluate to true before h is decremented below 0. This could also lead to an infinitely executing loop.
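Added example (not code from cFE or from the issue's author): a bounded form of the flagged loop, which returns an error instead of decrementing `h` below 0. The names `i`, `w`, `l`, `h` and `x` follow the excerpt above; the function wrapper, the status codes, the unsigned 32-bit types and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>

#define X_SIZE 17            /* size of 'x' reported by the analysis tool */
enum { BACKUP_OK = 0, BACKUP_ERR = -1 };   /* hypothetical status codes */

/* Bounded form of the flagged loop. i, w, l, h and x are named as in the
 * excerpt; the function wrapper and the unsigned types are assumptions. */
static int backup_checked(unsigned i, const unsigned x[X_SIZE],
                          int *h, int *w, int l)
{
    /* Reject a starting state that is already out of range. */
    if (*h < 0 || *h >= X_SIZE || *w < 0 || *w >= 32 || l <= 0)
        return BACKUP_ERR;

    while ((i & ((1u << *w) - 1u)) != x[*h]) {
        /* Stop before h reaches -1, and before w goes negative
         * (a negative shift count is undefined behaviour in C). */
        if (*h == 0 || *w < l)
            return BACKUP_ERR;
        (*h)--;
        *w -= l;
    }
    return BACKUP_OK;
}

/* Constructed input: x[1] matches the low 2 bits of i, so the loop stops
 * at h == 1. Returns the final h, or BACKUP_ERR. */
static int demo_match(void)
{
    unsigned x[X_SIZE] = {0, 1, 5};
    int h = 2, w = 4;
    return backup_checked(13u, x, &h, &w, 2) == BACKUP_OK ? h : BACKUP_ERR;
}

/* Constructed input: no entry of x ever matches. The unchecked loop would
 * go on to read x[-1]; the bounded one reports an error with h still 0. */
static int demo_no_match(void)
{
    unsigned x[X_SIZE];
    int h = 2, w = 4, k;
    for (k = 0; k < X_SIZE; k++)
        x[k] = 0xFFFFFFFFu;
    return backup_checked(13u, x, &h, &w, 2) == BACKUP_ERR && h == 0;
}

int main(void)
{
    printf("match: h=%d, no match rejected: %d\n", demo_match(), demo_no_match());
    return 0;
}
```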