Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-89320

Coverity analysis defect 139793: Overflowed integer argument

    • Server Security
    • Fully Compatible
    • ALL
    • v8.0
    • Security 2024-04-29

      Overflowed integer argument

      The argument will be too small or even negative, likely resulting in unexpected behavior (for example, under-allocation in a memory allocation function). An integer overflow occurs, with the overflowed value used as an argument to a function
      /src/mongo/util/net/ssl_manager_openssl.cpp:3079: INTEGER_OVERFLOW 139793 The check "writePos < fromBIO" contains the tainted expression "writePos" which causes "fromBIO" to be considered tainted.
      /src/mongo/util/net/ssl_manager_openssl.cpp:3073: INTEGER_OVERFLOW 139793 The expression "fromBIO - writePos" is deemed overflowed because at least one of its arguments has overflowed.
      /src/mongo/util/net/ssl_manager_openssl.cpp:3073: INTEGER_OVERFLOW 139793 Assigning: "numWrite" = "fromBIO - writePos".
      /src/mongo/util/net/ssl_manager_openssl.cpp:3074: INTEGER_OVERFLOW 139793 "numWrite", which might have underflowed, is passed to "send(conn->socket->rawFD(), buffer + writePos, numWrite, mongo::portSendFlags)".

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            xgen-internal-coverity Coverity Collector User
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: