  1. MariaDB Connector/C
  2. CONC-452

OVERRUN error (CWE-119) in file libmariadb/ma_stmt_codec.c

Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.1.6
    • Fix Version/s: 3.1.8
    • None
    • All

    Description

      Hi,

      I'm working on fixing errors provided by covscan on project mariadb-connector-c (3.1.6) and I have a problem solving one of them.

      IMHO it's quite an important one, so I want to ask you if you can help me fix it.

      This is the log from covscan:
      Error: OVERRUN (CWE-119):
      mariadb-connector-c-3.1.6-src/libmariadb/ma_stmt_codec.c:1171: overrun-buffer-val: Overrunning array "dtbuffer" of 60 bytes by passing it to a function which accesses it at byte offset 253.

      1169| break;
      1170| }
      1171|-> convert_froma_string(r_param, dtbuffer, length);
      1172| break;
      1173| }

      I tried to look at it but unfortunately there is a lot of stuff to process, so I'm kindly asking for your assistance.

      Thank you so much
      Lukas
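The class of defect in the covscan report above (a fixed 60-byte scratch buffer handed to a callee together with a length that is not tied to the buffer's size), shown as an added C example. This is not code from MariaDB Connector/C or from its fix: the helper names, the assumed cause (a length derived from a peer-supplied precision) and the sample values are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DTBUF_SIZE 60 /* size covscan reports for dtbuffer */

/* Hypothetical stand-in for the flagged callee: reads exactly `len` bytes
 * from `src` and trusts the caller that they exist. */
static size_t consume_string(char *dst, size_t dst_cap, const char *src, size_t len)
{
    size_t n = len < dst_cap - 1 ? len : dst_cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Risky pattern (assumed cause): a length derived from a peer-supplied
 * precision without reference to the buffer size. Computed only, never used. */
size_t unchecked_length(unsigned decimals) { return 8 + 1 + decimals; }

/* Bounded formatter: clamps the precision, lets snprintf enforce `cap`, and
 * returns only the number of bytes actually stored in `buf`. */
static size_t format_time(char *buf, size_t cap, unsigned h, unsigned m,
                          unsigned s, unsigned long usec, unsigned decimals)
{
    unsigned long div = 1;
    int n;
    if (decimals > 6) decimals = 6; /* microseconds have at most 6 digits */
    for (unsigned i = decimals; i < 6; i++) div *= 10;
    if (decimals == 0)
        n = snprintf(buf, cap, "%02u:%02u:%02u", h, m, s);
    else
        n = snprintf(buf, cap, "%02u:%02u:%02u.%0*lu", h, m, s, (int)decimals, usec / div);
    if (n < 0) return 0;
    return (size_t)n < cap ? (size_t)n : cap - 1; /* snprintf returns would-be length */
}

/* Caller: the length handed to the consumer can never exceed sizeof dtbuffer. */
size_t fetch_time_as_string(char *out, size_t out_cap, unsigned decimals)
{
    char dtbuffer[DTBUF_SIZE];
    size_t length = format_time(dtbuffer, sizeof dtbuffer, 12, 34, 56, 789000UL, decimals);
    return consume_string(out, out_cap, dtbuffer, length);
}

int main(void)
{
    char out[256];
    size_t n = fetch_time_as_string(out, sizeof out, 244); /* constructed hostile precision */
    printf("unchecked=%zu bounded=%zu \"%s\"\n", unchecked_length(244), n, out);
    return 0;
}
```

With the constructed precision of 244, the unchecked computation claims 253 bytes for a 60-byte buffer, while the bounded path hands the consumer 15.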

        Activity

          ljavorsk Lukas Javorsky created issue -
          georg Georg Richter added a comment -

          Thanks for your bug report.

          I classified this CVE 1,5 years ago as a false positive - however, after rechecking this CVE, I need to check if we can force a buffer overrun via mysql_stmt_fetch_column().

          ljavorsk Lukas Javorsky added a comment -

          Thanks for the quick response.

          Okay, please let me know if something is updated.

          serg Sergei Golubchik made changes -
          Field Original Value New Value
          Fix Version/s 3.1 [ 23223 ]
          serg Sergei Golubchik made changes -
          Priority Major [ 3 ] Blocker [ 1 ]
          georg Georg Richter added a comment -

          Fixed. rev. 1218ffac1a9adefd6428e68b6154bc54a04343aa

          georg Georg Richter made changes -
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Closed [ 6 ]
          diego dupin Diego Dupin made changes -
          Fix Version/s 3.1.13 [ 25621 ]
          Fix Version/s 3.1 [ 23223 ]
          diego dupin Diego Dupin made changes -
          Fix Version/s 3.1.8 [ 24230 ]
          Fix Version/s 3.1.13 [ 25621 ]
          julien.fritsch Julien Fritsch made changes -
          Workflow MariaDB connectors [ 103713 ] MariaDB v4 [ 161195 ]

          People

            georg Georg Richter
            ljavorsk Lukas Javorsky