A lot of potential buffer overflows are found during static scan

yitiger
In need of some credit
Posts: 2
Joined: Tue Nov 19, 2019 6:46 am


Post by yitiger »

Hi guys,

The Veracode scan reports a lot of potential buffer overflow flaws found during the static code scan; see the attached screenshot. I want to ask if the wxWidgets team will fix those issues or not?

For example, Veracode reports that buffer.h has a potential overflow:
wxbase311ud_net_vc_custom.dll source/.../include/wx/buffer.h 599 10/9/19
Looking into the source code, wxWidgets uses memcpy, which Veracode considers unsafe.

void AppendData(const void *data, size_t len)
{
    // GetAppendBuf() grows the buffer so that len more bytes fit and
    // returns a pointer to the free space at its end
    memcpy(GetAppendBuf(len), data, len);
    // UngetAppendBuf() records that len bytes were actually written
    UngetAppendBuf(len);
}

Thanks in advance
Attachment: static_scan.png (scan result, 75.79 KiB)
doublemax
Moderator
Posts: 19116
Joined: Fri Apr 21, 2006 8:03 pm
Location: $FCE2

Post by doublemax »

This is a user forum. Please post again on the wx-users Google group where you can reach the actual wx developers.
https://groups.google.com/forum/#!topic/wx-users/
Use the source, Luke!
ONEEYEMAN
Part Of The Furniture
Posts: 7459
Joined: Sat Apr 16, 2005 7:22 am
Location: USA, Ukraine

Post by ONEEYEMAN »

Hi,
Or better yet, create a ticket on trac.wxwidgets.org and see what the core devs will say.

BTW, what software did you analyze?

Thank you.
yitiger
In need of some credit
Posts: 2
Joined: Tue Nov 19, 2019 6:46 am

Post by yitiger »

Thanks, I have posted the question to the wx-users Google group :)
alys666
Super wx Problem Solver
Posts: 329
Joined: Tue Oct 18, 2016 2:31 pm

Post by alys666 »

yitiger wrote: Tue Nov 19, 2019 7:01 am
Hi guys,

The Veracode scan reports a lot of potential buffer overflow flaws found during the static code scan; see the attached screenshot. I want to ask if the wxWidgets team will fix those issues or not?

For example, Veracode reports that buffer.h has a potential overflow:
wxbase311ud_net_vc_custom.dll source/.../include/wx/buffer.h 599 10/9/19
Looking into the source code, wxWidgets uses memcpy, which Veracode considers unsafe.

void AppendData(const void *data, size_t len)
{
    // GetAppendBuf() grows the buffer so that len more bytes fit and
    // returns a pointer to the free space at its end
    memcpy(GetAppendBuf(len), data, len);
    // UngetAppendBuf() records that len bytes were actually written
    UngetAppendBuf(len);
}

Thanks in advance
memcpy is an innocent function if you have previously checked the size of the destination buffer and the size of the data.
Here they checked and expanded the buffer if needed to hold all the data, and then appended the data using memcpy.
No problem.
ubuntu 20.04, wxWidgets 3.2.1
PB
Part Of The Furniture
Posts: 4193
Joined: Sun Jan 03, 2010 5:45 pm

Post by PB »

alys666 wrote: Wed Nov 20, 2019 12:06 am
memcpy is an innocent function if you have previously checked the size of the destination buffer and the size of the data.
Here they checked and expanded the buffer if needed to hold all the data, and then appended the data using memcpy.
No problem.
Actually, no one checks if the memory was allocated as expected. AFAIK, passing NULL to memcpy(), be it as dest or src, brings us into undefined behaviour territory. And once there, nothing can be ruled out, including buffer overflow.

But wxWidgets code may not check for unsuccessful memory allocations in many places. IIRC, not even in some wxImage code...
alys666
Super wx Problem Solver
Posts: 329
Joined: Tue Oct 18, 2016 2:31 pm

Post by alys666 »

PB wrote: Wed Nov 20, 2019 6:12 am
alys666 wrote: Wed Nov 20, 2019 12:06 am
memcpy is an innocent function if you have previously checked the size of the destination buffer and the size of the data.
Here they checked and expanded the buffer if needed to hold all the data, and then appended the data using memcpy.
No problem.
Actually, no one checks if the memory was allocated as expected. AFAIK, passing NULL to memcpy(), be it as dest or src, brings us into undefined behaviour territory. And once there, nothing can be ruled out, including buffer overflow.

But wxWidgets code may not check for unsuccessful memory allocations in many places. IIRC, not even in some wxImage code...
Replacing it with a "safe" variant of memcpy won't solve the problem of a failed memory allocation. Both functions will crash with a "bad address access" interrupt, which signals this kind of error. So there is no problem with either a missed "buffer overflow" or a missed wrong memory allocation, even if plain memcpy is used.
So the mentioned code piece is not a reason for a ticket.
ubuntu 20.04, wxWidgets 3.2.1
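The thread's point is that the memcpy in AppendData() is only as safe as the grow step before it. The following is an added example, not wxWidgets' own wxMemoryBuffer: a hypothetical minimal append buffer with the same grow-then-copy shape, where the two cases the scanner cannot see resolved (the length arithmetic wrapping, and the allocation failing and returning NULL) are checked before memcpy ever runs.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <limits>

// Hypothetical minimal buffer that follows the grow-then-memcpy pattern of the
// AppendData() quoted above; this is not wxWidgets' own wxMemoryBuffer.
class AppendBuffer {
public:
    AppendBuffer() : m_data(nullptr), m_len(0), m_size(0) {}
    ~AppendBuffer() { std::free(m_data); }
    AppendBuffer(const AppendBuffer&) = delete;
    AppendBuffer& operator=(const AppendBuffer&) = delete;

    // Same shape as the quoted wx code, but the grow step can fail, and the
    // memcpy only runs once it has succeeded: that is what keeps the copy in bounds.
    bool AppendData(const void* data, size_t len) {
        if (len == 0)
            return true;                 // memcpy with a null pointer is UB even for 0 bytes
        void* dst = GetAppendBuf(len);
        if (dst == nullptr)
            return false;                // size wrapped or realloc() failed: buffer unchanged
        std::memcpy(dst, data, len);     // dst has exactly len bytes of room here
        UngetAppendBuf(len);
        return true;
    }

    size_t GetDataLen() const { return m_len; }
    const unsigned char* GetData() const { return m_data; }

private:
    // Make room for sizeNeeded more bytes; return the write position or nullptr.
    void* GetAppendBuf(size_t sizeNeeded) {
        if (sizeNeeded > std::numeric_limits<size_t>::max() - m_len)
            return nullptr;              // m_len + sizeNeeded would wrap around
        const size_t needed = m_len + sizeNeeded;
        if (needed > m_size) {
            void* grown = std::realloc(m_data, needed);
            if (grown == nullptr)
                return nullptr;          // allocation failed; m_data is still valid
            m_data = static_cast<unsigned char*>(grown);
            m_size = needed;
        }
        return m_data + m_len;
    }
    void UngetAppendBuf(size_t sizeUsed) { m_len += sizeUsed; }

    unsigned char* m_data; size_t m_len; size_t m_size;
};
```

A static scanner flags the memcpy because it cannot prove the grow step succeeded; making that step return a checkable result turns the finding into something reviewable rather than a crash-or-UB outcome on allocation failure.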