[PATCH:libFS] Off-by-one error in FSGetErrorText bounds check
Alan Coopersmith
alan.coopersmith at oracle.com
Fri Feb 11 18:35:04 PST 2011
Read outside array bounds (CWE 125): In array dereference of <unknown> with index 'code'
Array size is 12 elements (of 4 bytes each), index >= 1 and index <= 12
at line 108 of libFS/src/FSErrDis.c in function 'FSGetErrorText'.
[ This bug was found by the Parfait 0.3.6 bug checking tool.
For more information see http://labs.oracle.com/projects/parfait/ ]
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
src/FSErrDis.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/FSErrDis.c b/src/FSErrDis.c
index f89e49f..5e9d9d2 100644
--- a/src/FSErrDis.c
+++ b/src/FSErrDis.c
@@ -104,7 +104,7 @@ int FSGetErrorText(
if (nbytes == 0)
return 0;
snprintf(buf, sizeof(buf), "%d", code);
- if (code <= (FSErrorListSize / sizeof(char *)) && code > 0) {
+ if (code < (FSErrorListSize / sizeof(char *)) && code > 0) {
defaultp = FSErrorList[code];
FSGetErrorDatabaseText(svr, "FSProtoError", buf, defaultp, buffer, nbytes);
}
--
1.7.3.2
More information about the xorg-devel
mailing list