Closed Bug 148275 Opened 20 years ago Closed 16 years ago
flawfinder warnings in modules/libimg
I ran flawfinder (http://www.dwheeler.com/flawfinder) on the Mozilla 1.0.1 branch. flawfinder found 31 warnings in imglib code (1073-1104). Go through that list and for each warning:

* If it is a false positive, comment here why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in

In addition to checking the branch, also check the trunk. I will attach an excerpt of the log since the full log is so big and inside NS firewall.
All of those "flaws" are in libpng. Since this is an external library, I'm not entirely sure what to do with them. I am not aware of any known exploits in libpng; however, I suppose we could forward this information on to the libpng maintainer or dig through it ourselves.
Oh, I was not aware of that. Yes, it would be better if the real owners could take care of this. But I think we should at least figure out first if any are real issues. This should be pretty fast since at least 90% of the warnings are false positives (in general), so eliminating those is quick. For actual bugs, let's try to get png owners to fix them for us.
Please email the authors and comment here when you have done so.
Could we get some progress on this bug?
Closing all open flawfinder bugs as WORKSFORME because we now have much better tools that do the same (well, better) kind of analysis (Coverity, Klocwork).
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME