Coverity analysis defect 112395: Untrusted value as argument

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Won't Do
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Not Needed
    • None
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      An unscrutinized value from an untrusted source used as argument to a function (for example, a buffer size)

      Defect 112395 (STATIC_C)
      Checker TAINTED_SCALAR (subcategory critical_argument)
      File: /src/tools/mongoc-stat.c
      Function mongoc_counters_new_from_pid
      /src/tools/mongoc-stat.c, line: 103
      Calling function "pread" taints argument "len". 

             if (4 != pread (fd, &len, 4, 0)) {

      /src/tools/mongoc-stat.c, line: 113
      Assigning: "size" = "len". Both are now tainted. 

             size = len;

      /src/tools/mongoc-stat.c, line: 115
      Passing tainted variable "size" to a tainted sink. 

             if (MAP_FAILED == (mem = mmap (NULL, size, PROT_READ, MAP_SHARED, fd, 0))) {

            Assignee:
            Unassigned
            Reporter:
            Coverity Collector User
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: