[Coverity CID: 434686] Out-of-bounds access in drivers/counter/rtc_mcp7940n.c #81930
Assignees
Labels
area: Counter
bug
The issue is a bug, or the PR is fixing a bug
Coverity
A Coverity detected issue or its fix
priority: high
High impact/importance bug
Comments
zephyrbot
added
area: Counter
bug
Lefucjusz
added a commit
to Lefucjusz/zephyr
that referenced
this issue
Jan 24, 2025
This PR fixes the issue of possible out-of-bounds access if write_data_block function was misused. Size argument of the function was only validated against the maximum allowed value, not the real size of the data struct to be read, what could cause accessing data past the boundary of the struct. Should fix zephyrproject-rtos#81930. Signed-off-by: Marcin Lyda <[email protected]>
Lefucjusz
added a commit
to Lefucjusz/zephyr
that referenced
this issue
Jan 24, 2025
This PR fixes the issue of possible out-of-bounds access if write_data_block function was misused. Size argument of the function was only validated against the maximum allowed value, not the real size of the data struct to be read, what could cause accessing data past the boundary of the struct. Should fix zephyrproject-rtos#81930. Signed-off-by: Marcin Lyda <[email protected]>
Lefucjusz
added a commit
to Lefucjusz/zephyr
that referenced
this issue
Jan 24, 2025
This PR fixes the issue of possible out-of-bounds access if write_data_block function was misused. Size argument of the function was only validated against the maximum allowed value, not the real size of the data struct to be read, what could cause accessing data past the boundary of the struct. Should fix zephyrproject-rtos#81930. Signed-off-by: Marcin Lyda <[email protected]>
Lefucjusz
added a commit
to Lefucjusz/zephyr
that referenced
this issue
Jan 24, 2025
This PR fixes the issue of possible out-of-bounds access if write_data_block function was misused. Size argument of the function was only validated against the maximum allowed value, not the real size of the data struct to be read, what could cause accessing data past the boundary of the struct. Should fix zephyrproject-rtos#81930. Signed-off-by: Marcin Lyda <[email protected]>
Lefucjusz
added a commit
to Lefucjusz/zephyr
that referenced
this issue
Jan 24, 2025
This PR fixes the issue of possible out-of-bounds access if write_data_block function was misused. Size argument of the function was only validated against the maximum allowed value, not the real size of the data struct to be read, what could cause accessing data past the boundary of the struct. Should fix zephyrproject-rtos#81930. Signed-off-by: Marcin Lyda <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Static code scan issues found in file:
https://github.com/zephyrproject-rtos/zephyr/tree/b1def7145fd/drivers/counter/rtc_mcp7940n.c
Category: Memory - corruptions
Function:
write_data_blockComponent: Drivers
CID: 434686
Details:
https://github.com/zephyrproject-rtos/zephyr/blob/b1def7145fd/drivers/counter/rtc_mcp7940n.c#L289
Please fix or provide comments in coverity using the link:
https://scan9.scan.coverity.com/#/project-view/29271/12996?selectedIssue=434686
For more information about the violation, check the Coverity Reference. (CWE-119)
Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the MAINTAINERS file.
The text was updated successfully, but these errors were encountered: