squeaky-pl/japronto

A risk of writing to an invalid address with memcpy in function Parser_feed

awen-li opened this issue · 1 comment

Code snippet

Parser_feed(Parser* self, PyObject *args)
{
    ........
    if((size_t)data_len > self->buffer_capacity - (self->buffer_end - self->buffer_start)) {
        self->buffer_capacity = MAX(self->buffer_capacity * 2, self->buffer_end - self->buffer_start + data_len);
        if(self->buffer == self->inline_buffer) {
            self->buffer = malloc(self->buffer_capacity);    /* --------> may return a NULL pointer */
            memcpy(self->buffer + self->buffer_start, self->inline_buffer + self->buffer_start,
                   self->buffer_end - self->buffer_start);
        }
    }
    ........
}

Description

Function: Parser_feed
File: cparser.c
Call-path: feed (Python) -> Parser_feed -> memcpy
WarningType: Invalid write. Our analysis tool reported a warning on a potential write to an invalid address. As buffer_capacity may depend on external inputs, it is possible that malloc fails. Return value validation is necessary at this point.
Also seen in Details

Anyone can help confirm this issue? thanks.
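The pattern the report describes, as an added example that is not japronto's code: a hypothetical minimal `Parser` with the same fields as the snippet (an inline buffer that spills to the heap on growth), where the `malloc` result is checked before the `memcpy` and the parser's state is left untouched on failure. A fault-injection hook (`fail_next_alloc`, an assumption for the demo) makes the next allocation return NULL so the failure path can actually be exercised. Two deliberate differences from the snippet: `buffer_capacity` is updated only after the allocation succeeds, and live bytes are compacted to offset 0 of the new block, so the copy never targets `NULL + buffer_start` (a non-null, near-null address that a later NULL check would not catch).

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not japronto's code: a stand-in for the Parser fields used
 * in the snippet, with malloc's return value checked before anything is
 * copied into the new block. */
#define INLINE_CAP 16
#define MAXSZ(a, b) ((a) > (b) ? (a) : (b))

typedef struct {
    char inline_buffer[INLINE_CAP];
    char *buffer;            /* == inline_buffer until the first spill */
    size_t buffer_start;     /* first unconsumed byte */
    size_t buffer_end;       /* one past the last buffered byte */
    size_t buffer_capacity;
} Parser;

/* Fault-injection hook (assumption for this demo only): when set, the next
 * allocation returns NULL exactly as a failing malloc would. */
int fail_next_alloc = 0;

static void *demo_malloc(size_t n)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;
    }
    return malloc(n);
}

void parser_init(Parser *p)
{
    p->buffer = p->inline_buffer;
    p->buffer_start = 0;
    p->buffer_end = 0;
    p->buffer_capacity = INLINE_CAP;
}

void parser_free(Parser *p)
{
    if (p->buffer != p->inline_buffer)
        free(p->buffer);
    p->buffer = p->inline_buffer;
}

/* Mark n buffered bytes as consumed (advances buffer_start as a parser would). */
void parser_consume(Parser *p, size_t n)
{
    p->buffer_start += n;
}

/* Grow so that used + extra bytes fit. Returns 0 on success, -1 if the
 * allocation fails; on failure the parser is left exactly as it was. */
static int parser_grow(Parser *p, size_t extra)
{
    size_t used = p->buffer_end - p->buffer_start;
    size_t new_cap = MAXSZ(p->buffer_capacity * 2, used + extra);
    char *nb = demo_malloc(new_cap);
    if (nb == NULL)
        return -1;                 /* the check the issue asks for */
    memcpy(nb, p->buffer + p->buffer_start, used);   /* compact to offset 0 */
    if (p->buffer != p->inline_buffer)
        free(p->buffer);           /* heap-to-heap regrowth: drop the old block */
    p->buffer = nb;
    p->buffer_start = 0;
    p->buffer_end = used;
    p->buffer_capacity = new_cap;  /* only now that the block really exists */
    return 0;
}

/* Append data_len bytes. Returns 0, or -1 if the buffer could not be grown. */
int parser_feed(Parser *p, const char *data, size_t data_len)
{
    size_t used = p->buffer_end - p->buffer_start;
    if (data_len > p->buffer_capacity - used) {
        if (parser_grow(p, data_len) != 0)
            return -1;
    } else if (data_len > p->buffer_capacity - p->buffer_end) {
        /* Enough total room but the tail is short: compact in place. */
        memmove(p->buffer, p->buffer + p->buffer_start, used);
        p->buffer_start = 0;
        p->buffer_end = used;
    }
    memcpy(p->buffer + p->buffer_end, data, data_len);
    p->buffer_end += data_len;
    return 0;
}
```

A caller that gets -1 from `parser_feed` still holds a consistent parser (same buffer, same bounds) and can raise an error, which is what a Python extension would do with `PyErr_NoMemory()` before returning NULL from the wrapped function.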