I'm getting buffer overflow case from the appscan for the below set of code. I'm not sure what is wrong in it. If someone suggest a solution that would be great. Common Code is for all the platform.
int main()
{
char* src = NULL;
char* chenv = getenv("HOME");
if (chenv == NULL || strlen(chenv) == 0)
return -1;
else
{
int len = strlen(chenv);
src = new char[len+1];
strncpy(src, chenv, len); // AppScan throws buffer overflow
src[len+1]='\0';
}
FILE* fp;
char content[4096];
int len = 0;
fp = fopen("filename.txt", "r");
if(fp)
{
while( (len = fread(content, sizeof(char), sizeof(content), fp))> 0) // AppScan throws buffer overflow on content
{
docopy(content, len);// External funtion call.
}
}
return 0;
}
Instead of strncpy I tried using strdup() and the issue solved. But the fread is still having the issue.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.