Ticket #9950 (closed: fixed)
Coverity - High impact outstanding issues caused by ISISRAW
| Reported by: | Wenduo Zhou | Owned by: | Martyn Gigg |
|---|---|---|---|
| Priority: | critical | Milestone: | Release 3.3 |
| Component: | Framework | Keywords: | Maintenance |
| Cc: | | Blocked By: | |
| Blocking: | | Tester: | Wenduo Zhou |
Description
Two high-impact outstanding issues reported by Coverity are rooted in ISISRAW. They are:
(1) CID 1076094: Out-of-bounds access (OVERRUN):
overrun-buffer-arg: Overrunning array localISISRaw->hdr.inst_abrv of 3 bytes by passing it to a function which accesses it at byte offset 79 using argument 80UL.
(2) CID 1076093: Out-of-bounds access (OVERRUN)
overrun-buffer-arg: Overrunning array isis_raw.hdr.hd_run of 5 bytes by passing it to a function which accesses it at byte offset 68 using argument 69UL.
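Both findings report the same pattern: a small fixed-size member array is passed to a function together with a length larger than the array. The sketch below is an added example, not Mantid code; only `inst_abrv` (3 bytes) and `hd_run` (5 bytes) come from the Coverity output, while the `Header` layout, the `rest` field, the 80-byte total and all function names are assumptions.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Constructed stand-in for a header of adjacent fixed-width, non-NUL-terminated
// character fields. Only inst_abrv[3] and hd_run[5] are named in the ticket;
// `rest` and the 80-byte total are assumptions.
struct Header {
  char inst_abrv[3];
  char hd_run[5];
  char rest[72]; // hypothetical: whatever fields follow in the real header
};
static_assert(sizeof(Header) == 80, "char-only struct must have no padding");

// Flagged pattern, shown as a comment only: the pointer is to a 3-byte array
// but the length is 80, so the read runs past the end of inst_abrv.
//   std::string s(h.inst_abrv, 80);

// Bounded per-field read: N is deduced from the array type, so the length can
// never exceed the member. Stops early at an embedded NUL.
template <std::size_t N> std::string fieldToString(const char (&field)[N]) {
  std::size_t len = 0;
  while (len < N && field[len] != '\0')
    ++len;
  return std::string(field, len);
}

// When the whole block is wanted, take it from the object itself so that the
// pointer and the length describe the same storage.
std::string wholeHeader(const Header &h) {
  return std::string(reinterpret_cast<const char *>(&h), sizeof(h));
}

// Constructed sample header, space padded like a fixed-width record.
Header makeSample() {
  Header h;
  std::memset(&h, ' ', sizeof(h));
  std::memcpy(h.inst_abrv, "ABC", 3);
  std::memcpy(h.hd_run, "12345", 5);
  std::memcpy(h.rest, "constructed", 11);
  return h;
}

int main() {
  const Header h = makeSample();
  std::cout << fieldToString(h.inst_abrv) << '|' << fieldToString(h.hd_run)
            << '|' << wholeHeader(h).size() << '\n';
}
```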
Change History
comment:4 Changed 6 years ago by Martyn Gigg
Fix coverity issue in ISISRAW out-of-bounds access.
Code has been refactored to a common place in RawFileInfo and LoadISISNexus has been updated to format the header in the same manner. Refs #9950
Changeset: d1a5ba524a72d244d8a3c51dfbdbfffb4d155cc7
comment:8 Changed 6 years ago by Martyn Gigg
Fix buffer overrun in isis raw header access.
Refs #9950
Changeset: 81b5a9eb443d88dff3d32a8c1c45fd94c077689c
comment:9 Changed 6 years ago by Martyn Gigg
- Status changed from inprogress to verify
- Resolution set to fixed
Branch: bugfix/9950_coverity_issues_isisraw
Tester: All tests should be passing and you'll need to convince yourself by code review that this fixes the issues.
comment:10 Changed 6 years ago by Wenduo Zhou
- Status changed from verify to verifying
- Tester set to Wenduo Zhou
comment:11 Changed 6 years ago by Wenduo Zhou
All tests passed. Ticket is closed for Coverity to check.
comment:10 Changed 6 years ago by Wenduo Zhou
- Status changed from verifying to closed
Merge remote-tracking branch 'origin/bugfix/9950_coverity_issues_isisraw'
Full changeset: 1496119a22da3fd49e3edaeb39058262add8d52c
comment:11 Changed 5 years ago by Stuart Campbell
This ticket has been transferred to github issue 10792