Nux

Coverity INTEGER_OVERFLOW - CID 10641

Bug #937584 reported by Product Strategy Coverity Bug Uploader
This bug affects 1 person
Affects        Status                  Importance  Assigned to  Milestone
Nux            Status tracked in 4.0
  4.0          Fix Released            Medium      Unassigned
nux (Ubuntu)   Fix Released            Medium      Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10641
Checker: INTEGER_OVERFLOW
Category: critical_argument
CWE definition: http://cwe.mitre.org/data/definitions/190.html
File: /tmp/buildd/nux-2.4.0/NuxCore/TinyXML/tinyxml.cpp
Function: TiXmlDocument::LoadFile(_IO_FILE *, TiXmlEncoding)
Code snippet:
At conditional: "*p == 10" taking False branch
At conditional: "*p == 10" taking False branch
At conditional: "*p == 10" taking True branch
1157 if ( *p == 0xa )
1158 {
1159 // Newline character. No special rules for this. Append all the characters
1160 // since the last string, and include the newline.
CID 10641 - INTEGER_OVERFLOW
Add operation overflows on operands "p - lastPos" and "1L". Example value for operand: "p - lastPos" = 0111111111111111111111111111111111111111111111111111111111111111.
Overflowed or truncated value (or a value computed from an overflowed or truncated value) "p - lastPos + 1L" used as critical argument to function.
1161 data.append ( lastPos, (p - lastPos + 1) ); // append, include the newline
1162 ++p; // move past the newline
1163 lastPos = p; // and point to the new buffer (may be 0)
1164 assert ( p <= (buf + length) );
1165 }
At conditional: "*p == 13" taking False branch
At conditional: "*p == 13" taking False branch
1166 else if ( *p == 0xd )

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : nux-trunk: /tmp/buildd/nux-2.4.0/NuxCore/TinyXML/tinyxml.cpp

Source file with Coverity annotations.

Changed in nux:
importance: Undecided → Medium
Changed in nux (Ubuntu):
status: New → Fix Released
importance: Undecided → Medium