From 7eddefd8f1375c5c6f2fbe6e0e51f14bdc1f8886 Mon Sep 17 00:00:00 2001 From: Matt McCormick Date: Mon, 7 Oct 2013 17:10:06 +0000 Subject: [PATCH] TestDriver.cxx.in: Untrusted array index read. As reported by Coverity Scan, if the configured file contains a #include, Untrusted array index read The array index could be controlled by an attacker, leading to reads outside the bounds of the array. In main: Read from array at index computed using an unscrutinized value from an untrusted source (CWE-129) CID 1081283 (#1 of 1): Untrusted array index read (TAINTED_SCALAR) 25. tainted_data: Using tainted variable "testToRun" as an index into an array "cmakeGeneratedFunctionMapEntries". --- Templates/TestDriver.cxx.in | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Templates/TestDriver.cxx.in b/Templates/TestDriver.cxx.in index f4510bb55..03916bf74 100644 --- a/Templates/TestDriver.cxx.in +++ b/Templates/TestDriver.cxx.in @@ -137,6 +137,13 @@ int main(int ac, char *av[]) { int result; @CMAKE_TESTDRIVER_BEFORE_TESTMAIN@ + if (testToRun < 0 || testToRun >= NumTests) + { + printf( + "testToRun was modified by TestDriver code to an invalid value: %3d.\n", + testNum); + return -1; + } result = (*cmakeGeneratedFunctionMapEntries[testToRun].func)(ac, av); @CMAKE_TESTDRIVER_AFTER_TESTMAIN@ return result;