Closed Bug 173563 Opened 20 years ago Closed 16 years ago

flawfinder warnings in python

Categories: Core :: XPCOM, defect
Hardware / OS: x86, Windows NT
Priority: Not set
Severity: normal
Status: RESOLVED WORKSFORME
People: Reporter: morse, Assigned: markh

I ran flawfinder (http://www.dwheeler.com/flawfinder) on the Mozilla 1.0.1 branch.

flawfinder found 14 warnings in python code (1496-1509). Go through
that list and for each warning:

* If it is a false positive, comment here on why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in

In addition to checking the branch, also check the trunk.

1496) extensions/python/xpcom/src/ErrorUtils.cpp:49 [4] (format) vsprintf: Potential format string problem. Make format string constant.

1497) extensions/python/xpcom/src/ErrorUtils.cpp:202 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.

1498) extensions/python/xpcom/src/ErrorUtils.cpp:210 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.

1499) extensions/python/xpcom/src/PyGBase.cpp:586 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.

1500) extensions/python/xpcom/src/PyGBase.cpp:633 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.

1501) extensions/python/xpcom/src/PyGWeakReference.cpp:43 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.

1502) extensions/python/xpcom/src/PyIID.cpp:186 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.

1503) extensions/python/xpcom/src/PyISupports.cpp:110 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.

1504) extensions/python/xpcom/src/TypeObject.cpp:133 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.

1505) extensions/python/xpcom/src/VariantUtils.cpp:473 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.

1506) extensions/python/xpcom/src/VariantUtils.cpp:1986 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.

1507) extensions/python/xpcom/src/loader/pyloader.cpp:183 [4] (format) vsprintf: Potential format string problem. Make format string constant.

1508) extensions/python/xpcom/src/loader/pyloader.cpp:321 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.

1509) extensions/python/xpcom/src/loader/pyloader.cpp:329 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
Blocks: 148251
10 more flawfinder warnings in python (4346-4355)

4346) extensions/layout-debug/plugin/plugin.cpp:169 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.

4347) extensions/python/xpcom/src/ErrorUtils.cpp:49 [4] (format) vsprintf: Potential format string problem. Make format string constant.

4348) extensions/python/xpcom/src/ErrorUtils.cpp:202 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.

4349) extensions/python/xpcom/src/ErrorUtils.cpp:210 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.

4350) extensions/python/xpcom/src/PyIID.cpp:186 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.

4351) extensions/python/xpcom/src/PyISupports.cpp:110 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.

4352) extensions/python/xpcom/src/TypeObject.cpp:133 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.

4353) extensions/python/xpcom/src/loader/pyloader.cpp:183 [4] (format) vsprintf: Potential format string problem. Make format string constant.

4354) extensions/python/xpcom/src/loader/pyloader.cpp:321 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.

4355) extensions/python/xpcom/src/loader/pyloader.cpp:329 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.

QA Contact: scc → xpcom
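Both warning lists above reduce to three patterns (strcpy into a fixed buffer, sprintf into a fixed buffer, and vsprintf driven by a format string passed in as a parameter). The following added example, which is not code from the Mozilla tree, shows the bounded counterpart of each call and how a caller detects truncation; the buffer size, the IID-style format and the log wrapper are constructed for illustration only.

```c
/* Added example, not Mozilla code: bounded replacements for the three
 * flawfinder warning kinds listed above.  Buffer size and formats are constructed. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define BUF_LEN 16  /* constructed: small enough that truncation is easy to hit */

/* strcpy replacement: copies at most dst_len-1 bytes, always NUL-terminates,
 * and returns 1 if the source was cut short so the caller can react. */
int bounded_copy(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (dst_len == 0) return -1;
    if (n >= dst_len) {
        memcpy(dst, src, dst_len - 1);
        dst[dst_len - 1] = '\0';
        return 1;               /* truncated */
    }
    memcpy(dst, src, n + 1);    /* fits, including the terminator */
    return 0;
}

/* sprintf replacement: snprintf returns the length it wanted to write,
 * so a result >= dst_len means the output did not fit. */
int format_iid(char *dst, size_t dst_len, unsigned int a, unsigned int b)
{
    int needed = snprintf(dst, dst_len, "{%08x-%04x}", a, b);
    return (needed < 0 || (size_t)needed >= dst_len) ? 1 : 0;
}

/* vsprintf is flagged because the format is a parameter.  Bound the write
 * with vsnprintf and only ever call this function with a literal format. */
int log_message(char *dst, size_t dst_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(dst, dst_len, fmt, ap);
    va_end(ap);
    return (needed < 0 || (size_t)needed >= dst_len) ? 1 : 0;
}

/* Constant-format wrapper: user text travels as an argument, never as the
 * format, so any %-sequences in it are copied rather than interpreted. */
int log_error(char *dst, size_t dst_len, const char *user_text)
{
    return log_message(dst, dst_len, "error: %s", user_text);
}
```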
Closing all open flawfinder bugs as WORKSFORME because we now have much better tools that do the same (well, better) kind of analysis (Coverity, Klocwork).
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME