Closed Bug 173636 Opened 23 years ago Closed 23 years ago

flawfinder warnings in Internationalization

Categories

(Core :: Internationalization, defect)

x86
Windows NT
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: morse, Assigned: smontagu)

References

Details

(Keywords: intl)

flawfinder found 20 warnings in internationalization code (1835-1854). Go through that list and for each warning:
* If it is false positive, comment here why it is not an issue
* If it is a real issue, make patch for it here and let's get them checked in
In addition to checking the branch, also check the trunk.

1835) intl/chardet/tools/GenCyrillicClass.cpp:65 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
1836) intl/chardet/tools/GenCyrillicClass.cpp:93 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
1837) intl/locale/src/nsLocaleService.cpp:217 [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once.. Check environment variables carefully before using them.
1838) intl/locale/src/nsLocaleService.cpp:276 [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once.. Check environment variables carefully before using them.
1839) intl/locale/src/nsLocaleService.cpp:406 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
1840) intl/locale/src/nsLocaleService.cpp:462 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
1841) intl/locale/src/nsLocaleService.cpp:471 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
1842) intl/locale/src/nsScriptableDateFormat.cpp:149 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
1843) intl/locale/src/mac/nsDateTimeFormatMac.cpp:434 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
1844) intl/locale/src/mac/nsDateTimeFormatMac.cpp:435 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
1845) intl/locale/tests/LocaleSelfTest.cpp:1001 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
1846) intl/locale/tests/LocaleSelfTest.cpp:1005 [5] (buffer) gets: does not check for buffer overflows. Use fgets() instead.
1847) intl/locale/tests/LocaleSelfTest.cpp:1008 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
1848) intl/uconv/public/nsICharsetConverterManager.h:121 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
1849) intl/uconv/tools/umaptable.c:455 [5] (buffer) gets: does not check for buffer overflows. Use fgets() instead.
1850) intl/unicharutil/tools/ucgendat.c:1152 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
1851) intl/unicharutil/tools/ucgendat.c:1223 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
1852) intl/unicharutil/tools/ucgendat.c:1278 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
1853) intl/unicharutil/tools/ucgendat.c:1338 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
1854) intl/unicharutil/tools/ucgendat.c:1376 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
Blocks: 148251
code issue, QA to yokoyama@netscape.com for now.
Keywords: intl
QA Contact: ruixu → yokoyama
Taking.
Assignee: yokoyama → smontagu
1835-1836 are in tools and not of concern
1837-1838 still pending
1839-1841 dup of 4498-4500 which are in bug 174189
1842-1843 still pending
1844 is a dup of 4497 which is in bug 174189
1845-1847 are in tests and not of concern
1848 is a dup of 4502 which is in bug 174189
1849-1854 are in tools and not of concern

1837-1838 are getenv and not of concern
Therefore the only ones still pending are 1842-1843
1842 is not a problem. We are doing sprintf into a string which is 32 bytes long. If you add up all the characters being put into the string it comes to about 19. So there is no possibility of a buffer overrun here. Only remaining warning is 1843.
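The length argument made for warning 1842, as an added example that is not part of the bug report or of Mozilla's code: it measures what a fixed-size date/time `sprintf` actually needs and shows the bounded `snprintf` form that rejects output that does not fit. The format string, the field values, and the names `STAMP_FMT`, `stamp_length` and `format_stamp` are assumptions; the page does not show the real call, only the 32-byte buffer.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the flagged call: six integer date/time fields
 * formatted into a 32-byte buffer. Not the format string from the tree. */
#define STAMP_CAP 32
#define STAMP_FMT "%.4d-%.2d-%.2d %.2d:%.2d:%.2d"

/* Characters the format needs for these values (excluding the NUL),
 * measured without writing anything (C99 snprintf with a NULL buffer). */
int stamp_length(int y, int mo, int d, int h, int mi, int s)
{
    return snprintf(NULL, 0, STAMP_FMT, y, mo, d, h, mi, s);
}

/* Bounded replacement for sprintf: returns the length written, or -1 when
 * the text would not fit in cap bytes. A precision such as %.2d is a
 * minimum digit count, not a maximum, so the fixed-length argument only
 * holds while every field stays within its calendar range. */
int format_stamp(char *buf, size_t cap,
                 int y, int mo, int d, int h, int mi, int s)
{
    int n = snprintf(buf, cap, STAMP_FMT, y, mo, d, h, mi, s);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            buf[0] = '\0';   /* do not hand back a truncated stamp */
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[STAMP_CAP];

    /* In-range fields: fits with room to spare. */
    int n = format_stamp(buf, sizeof buf, 2002, 10, 9, 14, 30, 5);
    printf("in range:     %d chars, \"%s\"\n", n, buf);

    /* Unvalidated fields: the same format no longer fits in 32 bytes. */
    n = format_stamp(buf, sizeof buf, INT_MIN, INT_MIN, INT_MIN,
                     INT_MIN, INT_MIN, INT_MIN);
    printf("out of range: rc=%d, needs %d chars\n", n,
           stamp_length(INT_MIN, INT_MIN, INT_MIN, INT_MIN, INT_MIN, INT_MIN));
    return 0;
}
```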
1843: strcat(localBuffer, " ");
not in 1.0.1 branch nor the trunk
is in 1.0.0 branch
it looks like flawfinder was not run on the 1.0.1 branch after all
so this is not a problem on trunk or on 1.0.1 branch

No remaining warnings left. Closing this report out as invalid.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID