-
Type: Bug
-
Resolution: Unresolved
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
An unscrutinized value from an untrusted source used as argument to a function (for example, a buffer size)
Defect 112395 (STATIC_C)
Checker TAINTED_SCALAR (subcategory critical_argument)
File: /src/tools/mongoc-stat.c
Function mongoc_counters_new_from_pid
/src/tools/mongoc-stat.c, line: 103
Calling function "pread" taints argument "len".
if (4 != pread (fd, &len, 4, 0)) {
/src/tools/mongoc-stat.c, line: 113
Assigning: "size" = "len". Both are now tainted.
size = len;
/src/tools/mongoc-stat.c, line: 115
Passing tainted variable "size" to a tainted sink.
if (MAP_FAILED == (mem = mmap (NULL, size, PROT_READ, MAP_SHARED, fd, 0))) {