Closed Bug 173636 Opened 20 years ago Closed 20 years ago

flawfinder warnings in Internationalization

Categories

(Core :: Internationalization, defect)

x86
Windows NT
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: morse, Assigned: smontagu)

Details

(Keywords: intl)

flawfinder found 20 warnings in internationalization code (1835-1854). Go 
through that list and for each warning:

* If it is a false positive, comment here why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in

In addition to checking the branch, also check the trunk.

1835) intl/chardet/tools/GenCyrillicClass.cpp:65 [4] (format) printf: if format 
strings can be influenced by an attacker, they can be exploited. Use a constant 
for the format specification.

1836) intl/chardet/tools/GenCyrillicClass.cpp:93 [4] (format) printf: if format 
strings can be influenced by an attacker, they can be exploited. Use a constant 
for the format specification.

1837) intl/locale/src/nsLocaleService.cpp:217 [3] (buffer) getenv: Environment 
variables are untrustable input if they can be set by an attacker. They can have 
any content and length, and the same variable can be set more than once.. Check 
environment variables carefully before using them.

1838) intl/locale/src/nsLocaleService.cpp:276 [3] (buffer) getenv: Environment 
variables are untrustable input if they can be set by an attacker. They can have 
any content and length, and the same variable can be set more than once.. Check 
environment variables carefully before using them.

1839) intl/locale/src/nsLocaleService.cpp:406 [4] (buffer) strcpy: does not 
check for buffer overflows. Consider using strncpy or strlcpy.

1840) intl/locale/src/nsLocaleService.cpp:462 [4] (buffer) strcpy: does not 
check for buffer overflows. Consider using strncpy or strlcpy.

1841) intl/locale/src/nsLocaleService.cpp:471 [4] (buffer) strcpy: does not 
check for buffer overflows. Consider using strncpy or strlcpy.

1842) intl/locale/src/nsScriptableDateFormat.cpp:149 [2] (buffer) sprintf: does 
not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because 
the source has a constant maximum length.

1843) intl/locale/src/mac/nsDateTimeFormatMac.cpp:434 [1] (buffer) strcat: does 
not check for buffer overflows. Consider using strncat or strlcat. Risk is low 
because the source is a constant character.

1844) intl/locale/src/mac/nsDateTimeFormatMac.cpp:435 [4] (buffer) strcat: does 
not check for buffer overflows. Consider using strncat or strlcat.

1845) intl/locale/tests/LocaleSelfTest.cpp:1001 [2] (buffer) strcpy: does not 
check for buffer overflows. Consider using strncpy or strlcpy. Risk is low 
because the source is a constant string.

1846) intl/locale/tests/LocaleSelfTest.cpp:1005 [5] (buffer) gets: does not 
check for buffer overflows. Use fgets() instead.

1847) intl/locale/tests/LocaleSelfTest.cpp:1008 [4] (buffer) strcpy: does not 
check for buffer overflows. Consider using strncpy or strlcpy.

1848) intl/uconv/public/nsICharsetConverterManager.h:121 [4] (buffer) sprintf: 
does not check for buffer overflows. Use snprintf or vsnprintf.

1849) intl/uconv/tools/umaptable.c:455 [5] (buffer) gets: does not check for 
buffer overflows. Use fgets() instead.

1850) intl/unicharutil/tools/ucgendat.c:1152 [4] (buffer) sprintf: does not 
check for buffer overflows. Use snprintf or vsnprintf.

1851) intl/unicharutil/tools/ucgendat.c:1223 [4] (buffer) sprintf: does not 
check for buffer overflows. Use snprintf or vsnprintf.

1852) intl/unicharutil/tools/ucgendat.c:1278 [4] (buffer) sprintf: does not 
check for buffer overflows. Use snprintf or vsnprintf.

1853) intl/unicharutil/tools/ucgendat.c:1338 [4] (buffer) sprintf: does not 
check for buffer overflows. Use snprintf or vsnprintf.

1854) intl/unicharutil/tools/ucgendat.c:1376 [4] (buffer) sprintf: does not 
check for buffer overflows. Use snprintf or vsnprintf.
Blocks: 148251
code issue, QA to yokoyama@netscape.com for now.
Keywords: intl
QA Contact: ruixu → yokoyama
Taking.
Assignee: yokoyama → smontagu
1835-1836 are in tools and not of concern
1837-1838 still pending
1839-1841 dup of 4498-4500 which are in bug 174189
1842-1843 still pending
1844 is a dup of 4497 which is in bug 174189
1845-1847 are in tests and not of concern
1848 is a dup of 4502 which is in bug 174189
1849-1854 are in tools and not of concern

1837-1838 are getenv and not of concern

Therefore the only ones still pending are 1842-1843
1842 is not a problem.  We are doing sprintf into a string which is 32 bytes
long.  If you add up all the characters being put into the string it comes to
about 19.  So there is no possibility of a buffer overrun here.

Only remaining warning is 1843.
1843: strcat(localBuffer, " ");

not in 1.0.1 branch nor the trunk
is in 1.0.0 branch
it looks like flawfinder was not run on the 1.0.1 branch after all
so this is not a problem on trunk or on 1.0.1 branch

No remaining warnings left.  Closing this report out as invalid.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
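
The path-based triage in the comments above (entries under tools/ and tests/ set aside, the rest reviewed), as an added example that is not part of the original bug or of flawfinder: a parser for the numbered entry format quoted in this report. The names `parse_report` and `triage` and the bucket names are hypothetical, and the sample is four entries copied from the report.

```python
import re
from collections import defaultdict

# Constructed sample: four entries copied from the report above, keeping the
# hard line wraps of the bug text.
SAMPLE = """\
1835) intl/chardet/tools/GenCyrillicClass.cpp:65 [4] (format) printf: if format
strings can be influenced by an attacker, they can be exploited. Use a constant
for the format specification.
1842) intl/locale/src/nsScriptableDateFormat.cpp:149 [2] (buffer) sprintf: does
not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because
the source has a constant maximum length.
1846) intl/locale/tests/LocaleSelfTest.cpp:1005 [5] (buffer) gets: does not
check for buffer overflows. Use fgets() instead.
1848) intl/uconv/public/nsICharsetConverterManager.h:121 [4] (buffer) sprintf:
does not check for buffer overflows. Use snprintf or vsnprintf.
"""

ENTRY = re.compile(
    r"(?P<id>\d+)\) (?P<path>\S+):(?P<line>\d+) \[(?P<level>[0-5])\] "
    r"\((?P<category>\w+)\) (?P<func>\w+): (?P<message>.+)")

def parse_report(text):
    """Parse 'N) path:line [level] (category) func: message' entries."""
    findings = []
    # A new entry starts at any line beginning with 'N) '; wrapped lines follow.
    for chunk in re.split(r"(?m)^(?=\d+\)\s)", text):
        joined = " ".join(chunk.split())  # undo the hard wraps
        if not joined:
            continue
        m = ENTRY.fullmatch(joined)
        if m is None:
            raise ValueError(f"unparsed entry: {joined[:60]!r}")
        f = m.groupdict()
        f.update({k: int(f[k]) for k in ("id", "line", "level")})
        findings.append(f)
    return findings

def triage(findings, skip_dirs=("tools", "tests")):
    """Split findings the way the comments do: tools/ and tests/ vs the rest."""
    buckets = defaultdict(list)
    for f in findings:
        dirs = f["path"].split("/")[:-1]
        key = "tools_or_tests" if any(d in skip_dirs for d in dirs) else "to_review"
        buckets[key].append(f)
    buckets["to_review"].sort(key=lambda f: -f["level"])  # highest risk first
    return dict(buckets)
```

Entries that do not match the expected shape raise instead of being dropped, so a malformed line cannot silently disappear from the review list.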