Bug #11270
closed
Coverity Scan warns out-of-bounds access in ext/socket
Description
Hello,

Coverity Scan warns about ext/socket/init.c and raddrinfo.c.

rsock_s_recvfrom in ext/socket/init.c does:

    arg.alen = (socklen_t)sizeof(arg.buf);

then calls rsock_io_socket_addrinfo:

    return rb_assoc_new(str, rsock_io_socket_addrinfo(sock, &arg.buf.addr, arg.alen));

rsock_io_socket_addrinfo indirectly calls init_addrinfo in ext/socket/raddrinfo.c.
(rsock_io_socket_addrinfo -> rsock_fd_socket_addrinfo -> rsock_addrinfo_new -> init_addrinfo)

init_addrinfo does:

    memcpy((void *)&rai->addr, (void *)sa, len);

Note that sa is &arg.buf.addr, and len is arg.alen. &arg.buf.addr is a pointer to sockaddr, and arg.alen is sizeof(union_sockaddr), not sizeof(sockaddr), which is indeed inconsistent.

I don't think this inconsistency will cause actual harm, but it would be better to fix.
--
Yusuke Endoh mame@ruby-lang.org
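
The pointer/length mismatch described in the report, as an added C example that is not part of the original report or of Ruby's source. The names demo_union_sockaddr, demo_addrinfo, copy_flagged and copy_consistent are hypothetical stand-ins for union_sockaddr, the object behind rai->addr, and the memcpy in init_addrinfo; the sample address is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical stand-in for the union_sockaddr named in the report. */
typedef union {
    struct sockaddr         addr;
    struct sockaddr_in      in;
    struct sockaddr_in6     in6;
    struct sockaddr_storage storage;
} demo_union_sockaddr;

/* Hypothetical stand-in for the object that holds rai->addr. */
typedef struct {
    demo_union_sockaddr addr;
    socklen_t           len;
} demo_addrinfo;

/* Shape of the flagged call: the source is typed as the small member
 * (struct sockaddr) while len is the size of the whole union, so an
 * analyzer that sizes the source by its type reports an over-read. */
void copy_flagged(demo_addrinfo *rai, const struct sockaddr *sa, socklen_t len)
{
    memcpy(&rai->addr, sa, len);
    rai->len = len;
}

/* Consistent form: the pointer type matches the length being copied,
 * and the length is bounded by the destination before the copy. */
int copy_consistent(demo_addrinfo *rai, const demo_union_sockaddr *src, socklen_t len)
{
    if (len > sizeof(rai->addr))
        return -1;
    memcpy(&rai->addr, src, len);
    rai->len = len;
    return 0;
}

int main(void)
{
    demo_union_sockaddr buf;            /* constructed sample input */
    demo_addrinfo rai;
    memset(&buf, 0, sizeof(buf));
    buf.in6.sin6_family = AF_INET6;
    printf("sizeof(struct sockaddr)=%zu sizeof(union)=%zu\n",
           sizeof(struct sockaddr), sizeof(buf));
    printf("consistent copy: %d\n", copy_consistent(&rai, &buf, (socklen_t)sizeof(buf)));
    return 0;
}
```

Passing a pointer to the union keeps the source type and the copied length in agreement, and the length check keeps the copy inside the destination if a caller ever supplies a larger value.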