e_init(char *hdf) misbehaves if the EPIPHANY_HOME environment variable is not set.
Looking in epiphany-hal.c, we see the fetch of hdf_env_var_name (set to "EPIPHANY_HDF") is guarded, whereas the following fetch of esdk_path (set to "EPIPHANY_HOME") is not. If esdk_env is NULL, strncpy() is called on a NULL src argument, a case which is not even mentioned in the strncpy man pages.
A secondary issue is the strncat used to build the platform.hdf path. Its n argument is too large and can potentially lead to a buffer overflow.
See https://parallella.org/forums/viewtopic.php?f=13&t=2544&p=14462#p14462 for proposed fixes.
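The two checks the issue describes, as an added example that is not the project's code nor the fix proposed in the forum thread: the `getenv("EPIPHANY_HOME")` result is tested before it is copied, and `strncat` is bounded by the space left in the destination rather than its full size. The function names, the 64-byte buffer and the `"/platform.hdf"` suffix are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed suffix for illustration; the real one lives in epiphany-hal.c. */
#define HDF_SUFFIX "/platform.hdf"

/* Build "<home>/platform.hdf" into out.
 * Returns 0 on success, -1 if home is NULL or empty (variable unset),
 * -2 if the destination is missing or the result would not fit. */
int build_hdf_path(const char *home, char *out, size_t outsz)
{
    if (out == NULL || outsz == 0)
        return -2;
    out[0] = '\0';
    if (home == NULL || home[0] == '\0')
        return -1;                 /* never pass a NULL src to strncpy() */
    if (strlen(home) + strlen(HDF_SUFFIX) >= outsz)
        return -2;                 /* reject rather than truncate silently */
    strncpy(out, home, outsz - 1);
    out[outsz - 1] = '\0';         /* strncpy does not guarantee termination */
    /* strncat's n is the room left in dst minus the NUL, not sizeof(dst). */
    strncat(out, HDF_SUFFIX, outsz - strlen(out) - 1);
    return 0;
}

/* Hypothetical wrapper showing the guarded environment lookup. */
int hdf_path_from_env(char *out, size_t outsz)
{
    return build_hdf_path(getenv("EPIPHANY_HOME"), out, outsz);
}

int main(void)
{
    char path[64];
    int rc = hdf_path_from_env(path, sizeof(path));
    if (rc != 0) {
        fprintf(stderr, "EPIPHANY_HOME unset or path too long (rc=%d)\n", rc);
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```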