2

Veracode reported:

This call to ReadFile() contains a potential buffer overflow. The specified size of 92 bytes is larger than the space allocated to the destination buffer (88 bytes).

The code:

typedef struct
{
    char myArray[82];
    int  number1;  
    int  number2;    
} MY_STRUCT;

void test_ExpectBufferOverflow(HANDLE handle)
{
    DWORD nRead;
    MY_STRUCT my_struct;

    ReadFile(handle, &my_struct, sizeof(MY_STRUCT), &nRead, NULL);
}

This is 32-bit Windows code, compiler: MSVC14_X86.

I do not see how buffer overflow can happen here.

How should I fix this?

Improve this question
10
  • 1
    Maybe your compiler is checking for padding bytes inside the struct and reporting that as "buffer overflow". You cannot (legally) write into myArray[82] (or myArray[83]) if these are padding bytes. The member number1 is probably aligned to 4 bytes, ie at &myArray[84]. See C23 6.2.6.1p6 Commented Feb 10 at 14:46
  • 1
    @pmg: Can you not? People memcpy structs with padding all the time. Commented Feb 10 at 14:50
  • 4
    I wonder where it got the number of bytes 88 from? Assuming sizeof(int) is 4, the size of the structure should be at least 90 bytes. Commented Feb 10 at 14:59
  • 8
    Either this code is not the one you passed to the static analyser or otherwise the static analyser is drunk. There is no obvious buffer overflow here, although the code is fishy. Commented Feb 10 at 15:25
  • 3
    What do sizeof(MY_STRUCT) and sizeof my_struct report? Commented Feb 10 at 16:31
Related questions
1823
With arrays, why is it the case that a[5] == 5[a]?
149
Why is this code vulnerable to buffer overflow attacks?
757
How do I detect unsigned integer overflow?
Load 6 more related questions Show fewer related questions

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.