Closed Bug 148275 Opened 20 years ago Closed 16 years ago

flawfinder warnings in modules/libimg

Categories

(Core :: ImageLib, defect)

defect
Not set
normal

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: hjtoi-bugzilla, Assigned: pavlov)

References

()

Details

Attachments

(1 file)

I run flawfinder (http://www.dwheeler.com/flawfinder) on Mozilla 1.0.1 branch.

flawfinder found 31 warnings in imglib code (1073-1104). Go through that list and
for each warning:

* If it is false positive, comment here why it is not an issue
* If it is a real issue, make patch for it here and let's get them checked in

In addition the checking the branch, also check the trunk.

I will attach an excerpt of the log since the full log is so big and inside NS
firewall.
all of those "flaws" are in libpng.  Since this is an external library, I'm not
entirely sure what do to with them.  I am not aware of any known exploits in
libpng, however I suppose we could forward this information on to the libpng
maintainer or dig through it ourselves.
Oh, I was not aware of that. Yes, it would be better if the real owners could
take care of this. But I think we should at least figure out first if any are
real issues. This should be pretty fast since at least 90% of the warnings are
false positives (in general) so eliminating those is quick. For actual bugs lets
try to get png owners to fix them for us.
Group: security?
Please email the authors and comment here when you have done so.
Could we get some progress on this bug?
Closing all open flawfinder bugs as WORKSFORME because we now have much better tools that do the same (well, better) kind of analysis (Coverity, Klocwork).
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.