Closed Bug 173417 Opened 22 years ago Closed 22 years ago

flawfinder warnings in oji

Categories

(Core Graveyard :: Java: OJI, defect)

x86
Windows NT
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: morse, Assigned: joe.chou)

I ran flawfinder (http://www.dwheeler.com/flawfinder) on the Mozilla 1.0.1 branch.

flawfinder found 4 warnings in oji code (1128-1131). Go through
that list and for each warning:

* If it is a false positive, comment here why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in

In addition to checking the branch, also check the trunk.

1128) modules/oji/tests/src/TestLoader/OJITestLoader.cpp:100 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.

1129) modules/oji/tests/src/include/ojiapitests.h:111 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.

1130) modules/oji/tests/src/include/ojiapitests.h:123 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.

1131) modules/oji/tests/src/include/ojiapitests.h:131 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
Blocks: 148251
QA Contact: pmac → petersen
These warnings are all in tests directories.  Therefore not a security risk. 
Closing out as invalid.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
Product: Core → Core Graveyard
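
The flawfinder advice quoted in this bug ("Use snprintf or vsnprintf") only helps if the return value is checked, so here is an added example, not code from the Mozilla tree or from this bug, of a bounded formatting helper that rejects output that does not fit. The function name `build_log_path`, the path layout and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from modules/oji): formats "<dir>/<name>.log"
 * into dst. Returns 0 on success, -1 if the result did not fit or an
 * encoding error occurred. On failure dst holds an empty string, never a
 * silently truncated path. */
int build_log_path(char *dst, size_t dst_size, const char *dir, const char *name)
{
    int needed;

    if (dst == NULL || dst_size == 0 || dir == NULL || name == NULL)
        return -1;

    /* C99 snprintf writes at most dst_size bytes including the NUL and
     * returns the length the complete string would have had. */
    needed = snprintf(dst, dst_size, "%s/%s.log", dir, name);
    if (needed < 0 || (size_t)needed >= dst_size) {
        dst[0] = '\0';   /* do not hand a truncated path to the caller */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[32];
    /* Constructed sample inputs. */
    const char *ok_name = "JNIEnv_GetVersion";
    const char *long_name = "a_test_name_that_is_far_too_long_for_the_buffer";

    if (build_log_path(path, sizeof path, "logs", ok_name) == 0)
        printf("ok: %s\n", path);
    if (build_log_path(path, sizeof path, "logs", long_name) != 0)
        printf("rejected: result does not fit in %zu bytes\n", sizeof path);
    return 0;
}
```

The check assumes C99 `snprintf` semantics; the pre-C99 `_snprintf` in older Microsoft C runtimes does not guarantee NUL termination and returns a negative value on truncation.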