Fix reads outside array bounds in error handlers

Error: Buffer overrun
   Read outside array bounds (CWE 125): In call to memcpy(<unknown>, &mOp, 8), (size(&mOp) < (unsigned) 8)
      Array size is 1 bytes
        at line 296 of src/error.c in function '_IceErrorMajorOpcodeDuplicate'.
Error: Buffer overrun
   Read outside array bounds (CWE 125): In call to memcpy(<unknown>, &maj, 8), (size(&maj) < (unsigned) 8)
      Array size is 1 bytes
        at line 346 of src/error.c in function '_IceErrorBadMajor'.

[ This bug was found by the Parfait 0.3.7 bug checking tool.
  For more information see http://labs.oracle.com/projects/parfait/ ]

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>

1 files changed, 4 insertions, 4 deletions

diff --git a/src/error.c b/src/error.c
index 5c9aa51..0e7725a 100644
--- a/src/error.c
+++ b/src/error.c
@@ -284,7 +284,7 @@ _IceErrorMajorOpcodeDuplicate (
 	int	majorOpcode
 )
 {
-    char mOp = (char) majorOpcode;
+    char mOp[8] = { (char) majorOpcode };
 
     IceErrorHeader (iceConn,
 	0, ICE_ProtocolSetup,
@@ -293,7 +293,7 @@ _IceErrorMajorOpcodeDuplicate (
 	IceMajorOpcodeDuplicate,
 	1 /* length */);
 
-    IceWriteData (iceConn, 8, &mOp);
+    IceWriteData (iceConn, 8, mOp);
     IceFlush (iceConn);
 }
 
@@ -334,7 +334,7 @@ _IceErrorBadMajor (
 	int	severity
 )
 {
-    char maj = (char) offendingMajor;
+    char maj[8] = { (char) offendingMajor };
 
     IceErrorHeader (iceConn,
 	0, offendingMinor,
@@ -343,7 +343,7 @@ _IceErrorBadMajor (
 	IceBadMajor,
 	1 /* length */);
 
-    IceWriteData (iceConn, 8, &maj);
+    IceWriteData (iceConn, 8, maj);
     IceFlush (iceConn);
 }