[CDRIVER-2596] Coverity analysis defect 101171: Integer overflow

Created: 05/Apr/18
Updated: 28/Oct/23
Resolved: 13/Apr/18

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.10.0

Type: Bug
Priority: Major - P3
Reporter: Coverity Collector User
Assignee: A. Jesse Jiryu Davis
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

An integer overflow occurs, with the overflowed value used in a sensitive operation

Defect 101171 (STATIC_C)
Checker INTEGER_OVERFLOW (subcategory none)
File: /src/bson/bson-string.c
Function bson_strncpy
/src/bson/bson-string.c, line: 569
Subtract operation overflows on operands "size" and "1UL", whose values are unsigned constants, 0 and 1, respectively.

       dst[size - 1] = '\0';

File: /src/bson/bson-string.c
Function bson_strncpy
/src/bson/bson-string.c, line: 569
Subtract operation overflows on operands "size" and "1UL".

       dst[size - 1] = '\0';

/src/bson/bson-string.c, line: 569
Overflowed or truncated value (or a value computed from an overflowed or truncated value) "dst + (size - 1UL)" dereferenced.

       dst[size - 1] = '\0';



 Comments   
Comment by Githook User [ 13/Apr/18 ]

Author: A. Jesse Jiryu Davis (ajdavis) <jesse@mongodb.com>

Message: CDRIVER-2596 buffer underflow in bson_strncpy

Calling bson_strncpy with size 0 would write one byte before the start
of the destination string.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/8ed31cd4cf6366cec6607149fa20dc8480f897b4
