Closed
Bug 173563
Opened 23 years ago
Closed 19 years ago
flawfinder warnings in python
Categories
(Core :: XPCOM, defect)
RESOLVED
WORKSFORME
People
(Reporter: morse, Assigned: markh)
I ran flawfinder (http://www.dwheeler.com/flawfinder) on the Mozilla 1.0.1 branch.
flawfinder found 14 warnings in python code (1496-1509). Go through
that list and for each warning:
* If it is a false positive, comment here why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in
In addition to checking the branch, also check the trunk.
1496) extensions/python/xpcom/src/ErrorUtils.cpp:49 [4] (format) vsprintf:
Potential format string problem. Make format string constant.
1497) extensions/python/xpcom/src/ErrorUtils.cpp:202 [4] (buffer) strcpy: does
not check for buffer overflows. Consider using strncpy or strlcpy.
1498) extensions/python/xpcom/src/ErrorUtils.cpp:210 [4] (buffer) strcpy: does
not check for buffer overflows. Consider using strncpy or strlcpy.
1499) extensions/python/xpcom/src/PyGBase.cpp:586 [2] (buffer) strcpy: does not
check for buffer overflows. Consider using strncpy or strlcpy. Risk is low
because the source is a constant string.
1500) extensions/python/xpcom/src/PyGBase.cpp:633 [2] (buffer) strcpy: does not
check for buffer overflows. Consider using strncpy or strlcpy. Risk is low
because the source is a constant string.
1501) extensions/python/xpcom/src/PyGWeakReference.cpp:43 [2] (buffer) strcpy:
does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is
low because the source is a constant string.
1502) extensions/python/xpcom/src/PyIID.cpp:186 [4] (buffer) sprintf: does not
check for buffer overflows. Use snprintf or vsnprintf.
1503) extensions/python/xpcom/src/PyISupports.cpp:110 [4] (buffer) sprintf: does
not check for buffer overflows. Use snprintf or vsnprintf.
1504) extensions/python/xpcom/src/TypeObject.cpp:133 [4] (buffer) sprintf: does
not check for buffer overflows. Use snprintf or vsnprintf.
1505) extensions/python/xpcom/src/VariantUtils.cpp:473 [2] (buffer) sprintf:
does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low
because the source has a constant maximum length.
1506) extensions/python/xpcom/src/VariantUtils.cpp:1986 [2] (buffer) sprintf:
does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low
because the source has a constant maximum length.
1507) extensions/python/xpcom/src/loader/pyloader.cpp:183 [4] (format) vsprintf:
Potential format string problem. Make format string constant.
1508) extensions/python/xpcom/src/loader/pyloader.cpp:321 [4] (buffer) strcpy:
does not check for buffer overflows. Consider using strncpy or strlcpy.
1509) extensions/python/xpcom/src/loader/pyloader.cpp:329 [4] (buffer) strcpy:
does not check for buffer overflows. Consider using strncpy or strlcpy.
Comment 1 (Reporter) • 23 years ago
10 more flawfinder warnings in python (4346-4355)
4346) extensions/layout-debug/plugin/plugin.cpp:169 [4] (buffer) strcpy: does
not check for buffer overflows. Consider using strncpy or strlcpy.
4347) extensions/python/xpcom/src/ErrorUtils.cpp:49 [4] (format) vsprintf:
Potential format string problem. Make format string constant.
4348) extensions/python/xpcom/src/ErrorUtils.cpp:202 [4] (buffer) strcpy: does
not check for buffer overflows. Consider using strncpy or strlcpy.
4349) extensions/python/xpcom/src/ErrorUtils.cpp:210 [4] (buffer) strcpy: does
not check for buffer overflows. Consider using strncpy or strlcpy.
4350) extensions/python/xpcom/src/PyIID.cpp:186 [4] (buffer) sprintf: does not
check for buffer overflows. Use snprintf or vsnprintf.
4351) extensions/python/xpcom/src/PyISupports.cpp:110 [4] (buffer) sprintf: does
not check for buffer overflows. Use snprintf or vsnprintf.
4352) extensions/python/xpcom/src/TypeObject.cpp:133 [4] (buffer) sprintf: does
not check for buffer overflows. Use snprintf or vsnprintf.
4353) extensions/python/xpcom/src/loader/pyloader.cpp:183 [4] (format) vsprintf:
Potential format string problem. Make format string constant.
4354) extensions/python/xpcom/src/loader/pyloader.cpp:321 [4] (buffer) strcpy:
does not check for buffer overflows. Consider using strncpy or strlcpy.
4355) extensions/python/xpcom/src/loader/pyloader.cpp:329 [4] (buffer) strcpy:
does not check for buffer overflows. Consider using strncpy or strlcpy.
Updated • 19 years ago
QA Contact: scc → xpcom
Closing all open flawfinder bugs as WORKSFORME because we now have much better tools that do the same (well, better) kind of analysis (Coverity, Klocwork).
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME