[cmake-developers] [CMake 0014488]: TestDriver.cxx.in Untrusted array index read
Mantis Bug Tracker
mantis at public.kitware.com
Wed Oct 16 10:16:44 EDT 2013
The following issue has been SUBMITTED.
======================================================================
http://www.cmake.org/Bug/view.php?id=14488
======================================================================
Reported By: Matthew McCormick
Assigned To:
======================================================================
Project: CMake
Issue ID: 14488
Category: CMake
Reproducibility: always
Severity: minor
Priority: normal
Status: new
======================================================================
Date Submitted: 2013-10-16 10:16 EDT
Last Modified: 2013-10-16 10:16 EDT
======================================================================
Summary: TestDriver.cxx.in Untrusted array index read
Description:
As reported by Coverity Scan, if the configured file contains a #include,
Untrusted array index read
The array index could be controlled by an attacker, leading to reads outside
the bounds of the array.
In main: Read from array at index computed using an unscrutinized value from
an untrusted source (CWE-129)
CID 1081283 (http://www.cmake.org/Bug/view.php?id=1 of 1): Untrusted array
index read (TAINTED_SCALAR)
25. tainted_data: Using tainted variable "testToRun" as an index into an array
"cmakeGeneratedFunctionMapEntries".
Steps to Reproduce:
Analyze the ITK test suite with Coverity Static Analysis.
Additional Information:
Patch attached.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2013-10-16 10:16 Matthew McCormickNew Issue
2013-10-16 10:16 Matthew McCormickFile Added:
0001-TestDriver.cxx.in-Untrusted-array-index-read.patch
======================================================================
More information about the cmake-developers
mailing list