lib/raster: fixed security vulnerabilities and weaknesses #3549
I added some suggestions. In general it is advisable to constrain buffer sizes defined by constants like GPATH_MAX to include the null terminator (i.e. not to increase it by 1).
I am not certain why the macOS job failed.
Just to make sure, I made a rerun of the job, and it still failed early. The earliest possible error that I was able to spot was the linker not being able to link libgrass, but I didn't find another more descriptive error in the compilation.
I'm surprised that another Clang-based job didn't fail. I only see that Travis builds with gcc and clang, but on Ubuntu focal. I thought we had more clang jobs than that.
In the CI log you can find the reason:
which is the same issue as the CodeQL reports.
The macOS CI is built with
Is this ready now that CI passes?
Yes, it is ready now.
This PR fixes three vulnerabilities/weaknesses found with older scans of Coverity.
Issue 1208372 in error.c concerns an unbounded read of an environment variable into memory. An attacker could overwrite the environment variable that is accessed by G__home() and exploit it to overflow the buf array.
Issue 1501330 in mapset_msc.c concerns writing into an array that is not null terminated. If the path variable was not null terminated, the write could fill the whole array with data without a null terminator, causing trouble down the line.
Issue 1207344 in raster/r.gwflow/main.c concerns a constant variable guarding dead code. This is not exactly a security vulnerability, but is a code quality issue I was able to easily fix.
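The two buffer weaknesses described above (an unbounded read of an environment variable into a fixed array, and a path array left without a null terminator), shown as an added example that is not GRASS code and not part of this PR. `EX_PATH_MAX`, `copy_bounded` and `append_bounded` are hypothetical names; `EX_PATH_MAX` stands in for a constant such as GPATH_MAX with a constructed value, and the buffer is exactly that size so the terminator has to fit inside it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a path-size constant such as GPATH_MAX.
 * The value is constructed for the example. Buffers are exactly this
 * size: the null terminator is counted inside it, not added as "+ 1". */
#define EX_PATH_MAX 16

/* Copy src (e.g. the result of getenv()) into dst[dstsize].
 * Returns 0 on success, -1 if src is NULL, -2 if it does not fit.
 * dst is always null-terminated on return. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || dstsize == 0)
        return -2;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    len = strlen(src);
    if (len >= dstsize)          /* len bytes plus one terminator */
        return -2;               /* reject rather than truncate a path */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Append suffix to the string in dst[dstsize]. Returns 0, or -2 if the
 * result would not fit or dst is not null-terminated within dstsize. */
int append_bounded(char *dst, size_t dstsize, const char *suffix)
{
    const char *end = memchr(dst, '\0', dstsize);
    size_t used, add = strlen(suffix);

    if (end == NULL)             /* unterminated array: do not extend */
        return -2;
    used = (size_t)(end - dst);
    if (add >= dstsize - used)
        return -2;
    memcpy(dst + used, suffix, add + 1);
    return 0;
}

int main(void)
{
    char buf[EX_PATH_MAX];
    /* HOME is attacker-influenced input; its length is never assumed. */
    if (copy_bounded(buf, sizeof buf, getenv("HOME")) == 0 &&
        append_bounded(buf, sizeof buf, "/.rc") == 0)
        printf("%s\n", buf);
    else
        fprintf(stderr, "HOME unset or path too long\n");
    return 0;
}
```

Rejecting an over-long value instead of truncating it avoids silently operating on a different path than the one the environment named.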