...
Exposing these buffers to untrusted code exposes the backing array to malicious modification. Likewise, the duplicate(), array(), slice(), and subSequence() methods create additional buffers that are backed by the original buffer's backing array; exposing such additional buffers to untrusted code affords the same opportunity for malicious modification.
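The sharing described above, next to two ways of handing out the data without giving write access, as an added example that is not part of the original rule text. The class BufferExposureDemo and its method names are hypothetical.

```java
import java.nio.CharBuffer;
import java.nio.ReadOnlyBufferException;

// Added illustration; class and method names are hypothetical.
public final class BufferExposureDemo {
    private final char[] data = {'a', 'b', 'c', 'd', 'e'};

    // Exposed: the buffer returned by wrap() is backed by the private array.
    CharBuffer exposedWrap() { return CharBuffer.wrap(data); }

    // Still exposed: duplicate() shares the same backing array.
    CharBuffer exposedDuplicate() { return CharBuffer.wrap(data).duplicate(); }

    // Read-only view: writes throw and the backing array is not accessible.
    CharBuffer readOnlyView() { return CharBuffer.wrap(data).asReadOnlyBuffer(); }

    // Defensive copy: the caller receives a buffer with its own storage.
    CharBuffer copy() {
        CharBuffer cb = CharBuffer.allocate(data.length);
        cb.put(data);
        cb.flip();
        return cb;
    }

    String snapshot() { return new String(data); }

    public static void main(String[] args) {
        BufferExposureDemo d = new BufferExposureDemo();

        d.exposedWrap().put(0, 'X');            // write through the wrapped buffer
        d.exposedDuplicate().array()[1] = 'Y';  // write through array() of a duplicate
        d.exposedWrap().slice().put(2, 'Z');    // write through a slice
        System.out.println("after exposed writes: " + d.snapshot());

        CharBuffer ro = d.readOnlyView();
        try {
            ro.put(3, '!');                     // rejected by the read-only view
        } catch (ReadOnlyBufferException e) {
            System.out.println("read-only put rejected");
        }
        System.out.println("read-only hasArray: " + ro.hasArray());

        d.copy().put(4, '?');                   // changes only the caller's copy
        System.out.println("after copy write: " + d.snapshot());
    }
}
```

A read-only view still reflects later changes the owner makes to the array; only the copy is independent of it.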
...
Exposing buffers created using the wrap() or duplicate() methods may allow an untrusted caller to alter the contents of the original data.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO05-J | Medium | Likely | Low | P18 | L1 |
Automated Detection
Sound automated detection of this vulnerability is not feasible. Heuristic approaches may be useful.
...
...