[BlueZ,v2,05/20] client/main: Fix array access

Message ID	20240510121355.3241456-6-hadess@hadess.net (mailing list archive)
State	Accepted
Commit	f3f762b77b5898ac0203d00bd64087e2a22e34be
Headers	show Received: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net [217.70.183.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6535C16FF3B for <linux-bluetooth@vger.kernel.org>; Fri, 10 May 2024 12:14:04 +0000 (UTC) From: Bastien Nocera <hadess@hadess.net> To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera <hadess@hadess.net> Subject: [BlueZ v2 05/20] client/main: Fix array access Date: Fri, 10 May 2024 14:10:15 +0200 Message-ID: <20240510121355.3241456-6-hadess@hadess.net> In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net> References: <20240510121355.3241456-1-hadess@hadess.net> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Fix a number of static analysis issues \| expand [BlueZ,v2,00/20] Fix a number of static analysis issues [BlueZ,v2,01/20] adapter: Use false instead of 0 for bool [BlueZ,v2,02/20] attrib/gatt: Guard against possible integer overflow [BlueZ,v2,03/20] client/gatt: Don't pass negative fd on error [BlueZ,v2,04/20] client/gatt: Check write_value() retval [BlueZ,v2,05/20] client/main: Fix array access [BlueZ,v2,06/20] client/main: Fix mismatched free [BlueZ,v2,07/20] monitor/att: Fix memory leak [BlueZ,v2,08/20] bap: Fix memory leaks [BlueZ,v2,09/20] media: Fix memory leak [BlueZ,v2,10/20] main: Fix memory leaks [BlueZ,v2,11/20] isotest: Consider "0" fd to be valid [BlueZ,v2,12/20] isotest: Fix error check after opening file [BlueZ,v2,13/20] client/player: Fix copy/paste error [BlueZ,v2,14/20] shared/vcp: Fix copy/paste error [BlueZ,v2,15/20] isotest: Fix fd leak [BlueZ,v2,16/20] iso-tester: Fix fd leak [BlueZ,v2,17/20] sdp: Fix use of uninitialised memory [BlueZ,v2,18/20] monitor: Work-around memory leak warning [BlueZ,v2,19/20] avrcp: Fix uninitialised memory usage [BlueZ,v2,20/20] main: Simplify variable assignment

Message ID

20240510121355.3241456-6-hadess@hadess.net (mailing list archive)

State

Accepted

Commit

f3f762b77b5898ac0203d00bd64087e2a22e34be

Headers

From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Cc: Bastien Nocera <hadess@hadess.net>
Subject: [BlueZ v2 05/20] client/main: Fix array access
Date: Fri, 10 May 2024 14:10:15 +0200
Message-ID: <20240510121355.3241456-6-hadess@hadess.net>
In-Reply-To: <20240510121355.3241456-1-hadess@hadess.net>
References: <20240510121355.3241456-1-hadess@hadess.net>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Fix a number of static analysis issues | expand

Checks

Context	Check	Description
tedd_an/pre-ci_am	success	Success
tedd_an/CheckPatch	success	CheckPatch PASS
tedd_an/GitLint	fail	WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 4: B1 Line exceeds max length (134>80): "bluez-5.75/client/main.c:833: error[ctuArrayIndex]: Array index out of bounds; 'argv' buffer size is 0 and it is accessed at offset 1." 5: B3 Line contains hard tab characters (\t): "831\| const char *opt;" 7: B3 Line contains hard tab characters (\t): "833\|-> if (!strcmp(argv[1], "help")) {" 8: B3 Line contains hard tab characters (\t): "834\| for (opt = arg_table; opt && opt; opt++)" 9: B3 Line contains hard tab characters (\t): "835\| bt_shell_printf("%s\n", *opt);"
tedd_an/IncrementalBuild	success	Incremental Build PASS

Context

Check

Description

tedd_an/pre-ci_am

success

Success

tedd_an/CheckPatch

success

CheckPatch PASS

tedd_an/GitLint

fail

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 4: B1 Line exceeds max length (134>80): "bluez-5.75/client/main.c:833: error[ctuArrayIndex]: Array index out of bounds; 'argv' buffer size is 0 and it is accessed at offset 1." 5: B3 Line contains hard tab characters (\t): "831| const char **opt;" 7: B3 Line contains hard tab characters (\t): "833|-> if (!strcmp(argv[1], "help")) {" 8: B3 Line contains hard tab characters (\t): "834| for (opt = arg_table; opt && *opt; opt++)" 9: B3 Line contains hard tab characters (\t): "835| bt_shell_printf("%s\n", *opt);"

tedd_an/IncrementalBuild

success

Incremental Build PASS

Commit Message

Bastien Nocera May 10, 2024, 12:10 p.m. UTC

Error: CPPCHECK_WARNING (CWE-788): [#def36]
bluez-5.75/client/main.c:833: error[ctuArrayIndex]: Array index out of bounds; 'argv' buffer size is 0 and it is accessed at offset 1.
831|	const char **opt;
832|
833|->	if (!strcmp(argv[1], "help")) {
834|		for (opt = arg_table; opt && *opt; opt++)
835|			bt_shell_printf("%s\n", *opt);
---
 client/main.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/client/main.c b/client/main.c
index 51d08a67aa1a..f703cc91b24a 100644
--- a/client/main.c
+++ b/client/main.c
@@ -830,6 +830,11 @@  static gboolean parse_argument(int argc, char *argv[], const char **arg_table,
 {
 	const char **opt;
 
+	if (argc < 2) {
+		bt_shell_printf("Missing argument to %s\n", argv[0]);
+		return FALSE;
+	}
+
 	if (!strcmp(argv[1], "help")) {
 		for (opt = arg_table; opt && *opt; opt++)
 			bt_shell_printf("%s\n", *opt);