Closed Bug 148279 Opened 20 years ago Closed 20 years ago

flawfinder warnings in expat

Categories: Core :: XML
Type: defect
Priority: Not set
Severity: normal
Status: RESOLVED INVALID
People: Reporter: hjtoi-bugzilla, Assigned: hjtoi-bugzilla

Details

3711) expat/xmlwf/xmltchar.h:27 [4] (format) fprintf: if format strings can be
influenced by an attacker, they can be exploited. Use a constant for the format
specification.

3712) expat/xmlwf/xmltchar.h:32 [4] (buffer) strcpy: does not check for buffer
overflows. Consider using strncpy or strlcpy.

3713) expat/xmlwf/xmltchar.h:33 [4] (buffer) strcat: does not check for buffer
overflows. Consider using strncat or strlcat.
Blocks: 148251
The warnings point to defines, and I checked the use of those defines. Format
strings cannot be set by the attacker, they are always constant in Expat. Also
strcpy and strcat are safe because we allocate memory for the new string by
malloc, and the amount malloced we calculate from the originals. (Assuming we
have null terminated strings since we use strlen.)

Closing as invalid.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Would it be worth the minor code changes to shut up flawfinder for the next time
(or tool) we run over this code?
Group: security?
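The pattern the first comment describes, as an added example (not expat's xmlwf code; join_strcpy, join_memcpy and join_variants_agree are hypothetical names): the destination is sized from strlen() of the inputs before strcpy/strcat, beside an equivalent memcpy form that keeps the same bound and gives flawfinder nothing to flag, which is the kind of minor change the second comment asks about.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pattern the comment describes: size the destination from strlen() of
 * the inputs, then strcpy/strcat into it. Bounded as long as both inputs are
 * NUL-terminated, which is exactly the assumption the comment states. */
char *join_strcpy(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    char *out = malloc(la + lb + 1);   /* +1 for the terminating NUL */
    if (out == NULL) return NULL;
    strcpy(out, a);                    /* flawfinder flags this... */
    strcat(out, b);                    /* ...and this, although both are bounded */
    return out;
}

/* Same allocation, explicit lengths: the bound is visible at the copy and
 * there is no strcpy/strcat for the tool to flag. */
char *join_memcpy(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    char *out = malloc(la + lb + 1);
    if (out == NULL) return NULL;
    memcpy(out, a, la);
    memcpy(out + la, b, lb);
    out[la + lb] = '\0';
    return out;
}

/* 1 if both variants yield the same string of length strlen(a)+strlen(b). */
int join_variants_agree(const char *a, const char *b)
{
    char *x = join_strcpy(a, b), *y = join_memcpy(a, b);
    int ok = x && y && strcmp(x, y) == 0 && strlen(x) == strlen(a) + strlen(b);
    free(x);
    free(y);
    return ok;
}

int main(void)
{
    char *s = join_memcpy("expat/", "xmltchar.h");   /* constructed input */
    if (s == NULL) return 1;
    printf("%s\n", s);   /* constant format string: the fprintf warning does not apply */
    free(s);
    return 0;
}
```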
3 more flawfinder warnings (4343-4345). Reopening.

4343) expat/xmlwf/xmltchar.h:27 [4] (format) fprintf: if format strings can be
influenced by an attacker, they can be exploited. Use a constant for the format
specification.

4344) expat/xmlwf/xmltchar.h:32 [4] (buffer) strcpy: does not check for buffer
overflows. Consider using strncpy or strlcpy.

4345) expat/xmlwf/xmltchar.h:33 [4] (buffer) strcat: does not check for buffer
overflows. Consider using strncat or strlcat.

Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Duplicate warnings, closing as invalid again.
Status: REOPENED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
QA Contact: petersen → rakeshmishra