The following issue has been SUBMITTED.
======================================================================
http://www.cmake.org/Bug/view.php?id=14488
======================================================================
Reported By:                Matthew McCormick
Assigned To:
======================================================================
Project:                    CMake
Issue ID:                   14488
Category:                   CMake
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
======================================================================
Date Submitted:             2013-10-16 10:16 EDT
Last Modified:              2013-10-16 10:16 EDT
======================================================================
Summary:                    TestDriver.cxx.in Untrusted array index read

Description:
As reported by Coverity Scan, if the configured file contains a #include,

Untrusted array index read
The array index could be controlled by an attacker, leading to reads outside the bounds of the array.
In main: Read from array at index computed using an unscrutinized value from an untrusted source (CWE-129)

CID 1081283 (http://www.cmake.org/Bug/view.php?id=1 of 1): Untrusted array index read (TAINTED_SCALAR)
25. tainted_data: Using tainted variable "testToRun" as an index into an array "cmakeGeneratedFunctionMapEntries".

Steps to Reproduce:
Analyze the ITK test suite with Coverity Static Analysis.

Additional Information:
Patch attached.
======================================================================

Issue History
Date Modified     Username           Field / Change
======================================================================
2013-10-16 10:16  Matthew McCormick  New Issue
2013-10-16 10:16  Matthew McCormick  File Added: 0001-TestDriver.cxx.in-Untrusted-array-index-read.patch
======================================================================
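
The CWE-129 finding above, as an added example that is not code from CMake or from the attached patch: a test number taken from input is parsed and range-checked before it indexes the test table. The table `function_map`, the tests `test_alpha`/`test_beta` and the helpers `parse_test_index`/`run_selected_test` are hypothetical names constructed for this sketch; only `testToRun` comes from the report.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

typedef int (*test_fn)(int, char **);
static int test_alpha(int argc, char **argv) { (void)argc; (void)argv; return 0; }
static int test_beta(int argc, char **argv)  { (void)argc; (void)argv; return 3; }

/* Constructed stand-in for a driver's table of registered tests. */
static const struct { const char *name; test_fn func; } function_map[] = {
    { "alpha", test_alpha },
    { "beta",  test_beta  },
};
#define NUM_TESTS ((long)(sizeof function_map / sizeof function_map[0]))

/* Pattern the report flags (CWE-129): an integer taken from input is used
 * as the index with no range check, e.g. function_map[testToRun].func(...). */

/* Parse an untrusted test number; 0 and a valid index in *out, or -1. */
int parse_test_index(const char *input, int *out)
{
    char *end = NULL;
    long value;
    if (input == NULL || *input == '\0') return -1;
    errno = 0;
    value = strtol(input, &end, 10);
    if (errno == ERANGE || end == input || *end != '\0')
        return -1;                      /* overflow, no digits, trailing junk */
    if (value < 0 || value >= NUM_TESTS)
        return -1;                      /* index outside the table */
    *out = (int)value;
    return 0;
}

/* Run the selected test, or return -1 without touching the table. */
int run_selected_test(const char *input, int argc, char **argv)
{
    int index;
    if (parse_test_index(input, &index) != 0)
        return -1;
    return function_map[index].func(argc, argv);
}

int main(int argc, char **argv)
{
    const char *arg = argc > 1 ? argv[1] : "5";  /* "5" is out of range here */
    printf("%d\n", run_selected_test(arg, argc, argv));
    return 0;
}
```

Checking `value` as a `long` before the cast to `int` matters: casting first would let a large input wrap into the valid range.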
